diff --git a/golang.spec b/golang.spec
index f63534ee7755b53ec7c2dbf5aca6c7792dd50f20..8a6e9c7e309dc2ff0ca95bb6f22c7a353e873b2c 100644
--- a/golang.spec
+++ b/golang.spec
@@ -1,4 +1,4 @@
-%define anolis_release 11
+%define anolis_release 12
 # Disable debuginfo packages
 %global debug_package %{nil}
@@ -155,6 +155,7 @@ Patch1013: 0013-crypto-hash-math-Add-sw64-port.patch
 Patch1014: 0014-api-Add-sw64-port.patch
 Patch1015: 0015-debug-Add-sw64-port.patch
 Patch1016: 0016-encoding-os-sw64-add-var-NativeEndian.patch
+Patch50: go-CVE-2025-58185-prevent-memory-exhaustion-in-asn1.patch
 # The compiler is written in Go. Needs go(1.4+) compiler for build.
 %if %{with bootstrap}
@@ -632,6 +633,10 @@ fi
 %files docs -f go-docs.list
 %changelog
+* Mon Apr 05 2025 Anolis Security Team - 1.24-12
+- Sync upstream changes from commit 5c3d61c886f7ecfce9a6d6d3c97e6d5a8afb17d1
+- Prevent memory exhaustion in encoding/asn1 when parsing large DER sequences (CVE-2025-58185)
 * Mon Nov 3 2025 wh02252983 - 1.24.0-11
 - add patch to fix CVE-2025-58189
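Review bot: The `Patch50:` line in the second hunk only declares the patch; nothing visible in this diff applies it in `%prep` or adds the patch file itself. If the spec applies patches with explicit `%patch` lines rather than `%autosetup`/`%autopatch`, the package would build without the encoding/asn1 change while the changelog entry in the last hunk reports CVE-2025-58185 as fixed. Confirm that `%prep` picks it up (for example `%patch -P 50 -p1`, at whatever strip level the patch was generated with) and that `go-CVE-2025-58185-prevent-memory-exhaustion-in-asn1.patch` is committed next to the spec. A one-line comment above the declaration, such as `# CVE-2025-58185: prevent memory exhaustion in encoding/asn1`, would also keep it distinguishable from the sw64 port series it now follows.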