diff --git a/jupyter_server-2.11.0.tar.gz b/jupyter_server-2.11.0.tar.gz
deleted file mode 100644
index 7a26c94..0000000
--- a/jupyter_server-2.11.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:78c97ec8049f9062f0151725bc8a1364dfed716646a66819095e0e8a24793eba
-size 710596
diff --git a/jupyter_server-2.11.2.tar.gz b/jupyter_server-2.11.2.tar.gz
new file mode 100644
index 0000000..9d83c25
--- /dev/null
+++ b/jupyter_server-2.11.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0c99f9367b0f24141e527544522430176613f9249849be80504c6d2b955004bb
+size 712617
diff --git a/python-jupyter-server.changes b/python-jupyter-server.changes
index 7412b0a..645c318 100644
--- a/python-jupyter-server.changes
+++ b/python-jupyter-server.changes
@@ -1,3 +1,22 @@
+-------------------------------------------------------------------
+Tue Dec  5 09:59:47 UTC 2023 - Ben Greiner <code@bnavigator.de>
+
+- Update to 2.11.2: Fix GHSA-h56g-gq9v-vc8r, CVE-2023-49080,
+  boo#1217809
+  * Unhandled errors in API requests include traceback information,
+    which can include path information. There is no known mechanism
+    by which to trigger these errors without authentication, so the
+    paths revealed are not considered particularly sensitive, given
+    that the requesting user has arbitrary execution permissions
+    already in the same environment.
+  * jupyter-server no longer includes traceback information in JSON
+    error responses. For compatibility, the traceback field is
+    present, but always empty.
+- Release 2.11.1
+  * avoid unhandled error on some invalid paths #1369 (@minrk)
+  * Change md5 to hash and hash_algorithm, fix incompatibility
+    #1367 (@Wh1isper)
+
 -------------------------------------------------------------------
 Sun Nov 26 16:16:36 UTC 2023 - Ben Greiner <code@bnavigator.de>
 
diff --git a/python-jupyter-server.spec b/python-jupyter-server.spec
index 21da469..79d6ef1 100644
--- a/python-jupyter-server.spec
+++ b/python-jupyter-server.spec
@@ -32,7 +32,7 @@
 %endif
 
 Name:           python-jupyter-server%{psuffix}
-Version:        2.11.0
+Version:        2.11.2
 Release:        0
 Summary:        The backend to Jupyter web applications
 License:        BSD-3-Clause