diff --git a/.gitignore b/.gitignore
index 836a60a..2e73fa8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
 /mod_auth_mellon-0.9.1.tar.gz
 /mod_auth_mellon-0.10.0.tar.gz
 /mod_auth_mellon-0.11.0.tar.gz
+/mod_auth_mellon-0.11.1.tar.gz
diff --git a/mod_auth_mellon.spec b/mod_auth_mellon.spec
index e39ef67..79e461c 100644
--- a/mod_auth_mellon.spec
+++ b/mod_auth_mellon.spec
@@ -1,7 +1,7 @@
 Summary: A SAML 2.0 authentication module for the Apache Httpd Server
 Name: mod_auth_mellon
-Version: 0.11.0
-Release: 3%{?dist}
+Version: 0.11.1
+Release: 1%{?dist}
 Group: System Environment/Daemons
 Source0: https://github.com/UNINETT/mod_auth_mellon/releases/download/v%{version}/%{name}-%{version}.tar.gz
 Source1: auth_mellon.conf
@@ -65,6 +65,15 @@ install -m 755 %{SOURCE4} %{buildroot}/%{_libexecdir}/%{name}
 %dir /run/%{name}/
 
 %changelog
+* Wed Mar 9 2016 John Dennis - 0.11.1-1
+- Upgrade to upstream 0.11.1 release
+- [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
+ incorrect error handling when reading POST data from client.
+
+- [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
+ resource exhaustion) due to missing size checks when reading
+ POST data.
+
 * Wed Dec 23 2015 John Dennis - 0.11.0-3
 - Fix the following warning that appears in the Apache log
 lasso-CRITICAL **: lasso_provider_get_metadata_list_for_role: assertion '_lasso_provider_get_role_index(role)' failed
diff --git a/sources b/sources
index c50f057..ea1cde0 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-d24347881f1c60f26cf686d22cf419de mod_auth_mellon-0.11.0.tar.gz
+f7fa75e579d06296a3c3ee7beff0c141 mod_auth_mellon-0.11.1.tar.gz