diff --git a/python-waitress.changes b/python-waitress.changes
index bdbe7c3..2c50106 100644
--- a/python-waitress.changes
+++ b/python-waitress.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Fri Dec 20 18:28:24 UTC 2019 - Dirk Mueller <dmueller@suse.com>
+
+- update to 1.4.0:
+  - Waitress used to slam the door shut on HTTP pipelined requests without
+  setting the ``Connection: close`` header as appropriate in the response. This
+  is of course not very friendly. Waitress now explicitly sets the header when
+  responding with an internally generated error such as 400 Bad Request or 500
+  Internal Server Error to notify the remote client that it will be closing the
+  connection after the response is sent.
+
+  - Waitress no longer allows any spaces to exist between the header field-name
+  and the colon. While waitress did not strip the space and thereby was not
+  vulnerable to any potential header field-name confusion, it should have sent
+  back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273
+
+  - CRLR handling Security fixes
+
 -------------------------------------------------------------------
 Thu Aug 29 13:35:14 UTC 2019 - Marketa Calabkova <mcalabkova@suse.com>
 
diff --git a/python-waitress.spec b/python-waitress.spec
index 517f772..de531a4 100644
--- a/python-waitress.spec
+++ b/python-waitress.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-waitress
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-waitress
-Version:        1.3.1
+Version:        1.4.0
 Release:        0
 Summary:        Waitress WSGI server
 License:        ZPL-2.1
@@ -59,7 +59,7 @@ This package contains documentation files for %{name}.
 
 %prep
 %setup -q -n waitress-%{version}
-%patch -p1
+#%patch -p1
 cp %{S:1} docs/
 
 %build
diff --git a/waitress-1.3.1.tar.gz b/waitress-1.3.1.tar.gz
deleted file mode 100644
index 047d09b..0000000
--- a/waitress-1.3.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:278e09d6849acc1365404bbf7d790d0423b159802e850c726e8cd0a126a2dac7
-size 167097
diff --git a/waitress-1.4.0.tar.gz b/waitress-1.4.0.tar.gz
new file mode 100644
index 0000000..dc222ab
--- /dev/null
+++ b/waitress-1.4.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b3b6450106b65bfcbefce5940fff23240305db86683cbf4e524af199b514ba61
+size 170493