diff --git a/bugfix-automatic-Use-add_security_filters-not-_update_secur.patch b/bugfix-automatic-Use-add_security_filters-not-_update_secur.patch
new file mode 100644
index 0000000000000000000000000000000000000000..08b33d0d35914c5b6cc88595cd5bcb7c015ece3c
--- /dev/null
+++ b/bugfix-automatic-Use-add_security_filters-not-_update_secur.patch
@@ -0,0 +1,39 @@
+From 5388d980c8137c3ee6924f145bd284169d838fad Mon Sep 17 00:00:00 2001
+From: Evan Goode <mail@evangoo.de>
+Date: Tue, 30 Jan 2024 21:36:46 +0000
+Subject: [PATCH] automatic: Use add_security_filters, not_update_security_filters
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Upstream commit: 0b4b8cc8940a4073b33f1bb772651ae27e55f299
+Resolves: https://issues.redhat.com/browse/RHEL-21874
+
+It seems that these two approaches for selecting security updates
+sometimes disagree. The regular `dnf update` command uses
+base.add_security_filters to select security updates, so dnf-automatic
+should do the same.
+
+Signed-off-by: Petr Písař <ppisar@redhat.com>
+
+---
+ dnf/automatic/main.py | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/dnf/automatic/main.py b/dnf/automatic/main.py
+index f6f4049..caef627 100644
+--- a/dnf/automatic/main.py
++++ b/dnf/automatic/main.py
+@@ -375,8 +375,7 @@ def main(args):
+ 
+ def upgrade(base, upgrade_type):
+     if upgrade_type == 'security':
+-        base._update_security_filters.append(base.sack.query().upgrades().filterm(
+-            advisory_type='security'))
++        base.add_security_filters("gte", ("security",))
+         base.upgrade_all()
+     elif upgrade_type == 'default':
+         base.upgrade_all()
+-- 
+2.43.0
+
diff --git a/dnf.spec b/dnf.spec
index 9c60ffe3772f65dea128555892ab4f08d6f21e58..058466d7abc7083c7c4dd39f913b2fa84bae00be 100644
--- a/dnf.spec
+++ b/dnf.spec
@@ -3,7 +3,7 @@
 
 Name:                 dnf
 Version:              4.16.2
-Release:              6
+Release:              8
 Summary:              A software package manager that manages packages on Linux distributions.
 License:              GPL-2.0-or-later AND GPL-1.0-only
 URL:                  https://github.com/rpm-software-management/dnf
@@ -32,6 +32,8 @@ Patch6006:            backport-Limit-queries-to-nevra-forms-when-provided-by-com
 Patch6007:            backport-doc-Remove-provide-of-spec-definition-for-repoquery-command.patch
 Patch6008:            backport-Update-the-man-page-entry-for-the-countme-option.patch
 
+Patch9001:            bugfix-automatic-Use-add_security_filters-not-_update_secur.patch
+
 BuildArch:            noarch
 BuildRequires:        cmake gettext systemd bash-completion python3-sphinx
 Requires:             python3-%{name} = %{version}-%{release} libreport-filesystem
@@ -258,6 +260,15 @@ popd
 %{_mandir}/man8/%{name}-automatic.8*
 
 %changelog
+* Mon Nov 04 2024 majianhan <majianhan@kylinos.cn> - 4.16.2-8
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: Fix dnf-automatic service to apply security updates the same way as dnf tool
+
+* Mon Sep 9 2024 zhangzikang <zhangzikang@kylinos.cn> - 4.16.2-7
+- Allow local downloads to same downloaddir
+
 * Wed Aug 14 2024 Funda Wang <fundawang@yeah.net> - 4.16.2-6
 - Drop wrong obsolete tag