diff --git a/CVE-2020-1695.patch b/CVE-2020-1695.patch
new file mode 100644
index 0000000000000000000000000000000000000000..23912d1a100f3b91e1a2a3d83ea7aa9309373c0f
--- /dev/null
+++ b/CVE-2020-1695.patch
@@ -0,0 +1,44 @@
+From acf15f2a8067f7e4cf5838342cecfa0b78a174fb Mon Sep 17 00:00:00 2001
+From: Bartosz Spyrko-Smietanko <bspyrkos@redhat.com>
+Date: Thu, 16 Apr 2020 14:01:17 +0100
+Subject: [PATCH] [RESTEASY-2559] Improper validation of response header in
+ MediaTypeHeaderDelegate.java class
+
+---
+ .../plugins/delegates/MediaTypeHeaderDelegate.java |  1 +
+ .../test/mediatype/MediaTypeHeaderTest.java        | 14 ++++++++++++++
+ 2 files changed, 15 insertions(+)
+ create mode 100644 testsuite/unit-tests/src/test/java/org/jboss/resteasy/test/mediatype/MediaTypeHeaderTest.java
+
+diff --git a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/delegates/MediaTypeHeaderDelegate.java b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/delegates/MediaTypeHeaderDelegate.java
+index ccf08a4622..4e48e622b1 100644
+--- a/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/delegates/MediaTypeHeaderDelegate.java
++++ b/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/delegates/MediaTypeHeaderDelegate.java
+@@ -49,6 +49,7 @@ protected static boolean isValid(String str)
+             case '[':
+             case ']':
+             case '=':
++            case '\n':
+                return false;
+             default:
+                break;
+diff --git a/testsuite/unit-tests/src/test/java/org/jboss/resteasy/test/mediatype/MediaTypeHeaderTest.java b/testsuite/unit-tests/src/test/java/org/jboss/resteasy/test/mediatype/MediaTypeHeaderTest.java
+new file mode 100644
+index 0000000000..e46f018f7f
+--- /dev/null
++++ b/testsuite/unit-tests/src/test/java/org/jboss/resteasy/test/mediatype/MediaTypeHeaderTest.java
+@@ -0,0 +1,14 @@
++package org.jboss.resteasy.test.mediatype;
++
++import org.jboss.resteasy.plugins.delegates.MediaTypeHeaderDelegate;
++import org.junit.Test;
++
++public class MediaTypeHeaderTest {
++
++   @Test(expected = IllegalArgumentException.class)
++   public void testNewLineInHeaderValueIsRejected() {
++      MediaTypeHeaderDelegate delegate = new MediaTypeHeaderDelegate();
++
++      delegate.fromString("foo/bar\n");
++   }
++}
diff --git a/resteasy.spec b/resteasy.spec
index 2629c0ea7762031f36c6e941280ef4a9759ed395..13bc00a521d121420dfe555f9953246655b32133 100644
--- a/resteasy.spec
+++ b/resteasy.spec
@@ -2,7 +2,7 @@
 %global namedversion %{version}%{namedreltag}
 Name:                resteasy
 Version:             3.0.19
-Release:             4
+Release:             5
 Summary:             Framework for RESTful Web services and Java applications
 License:             ASL 2.0 and CDDL
 URL:                 https://github.com/resteasy/Resteasy/
@@ -13,6 +13,7 @@ Patch2:              CVE-2016-9606.patch
 Patch3:              CVE-2021-20289.patch
 Patch4:              CVE-2020-10688-1.patch
 Patch5:              CVE-2020-10688-2.patch
+Patch6:              CVE-2020-1695.patch
 
 BuildArch:           noarch
 BuildRequires:       maven-local mvn(com.beust:jcommander) mvn(com.fasterxml:classmate)
@@ -203,6 +204,7 @@ find -name '*.jar' -print -delete
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
+%patch6 -p1
 %pom_disable_module resteasy-spring jaxrs
 %pom_disable_module fastinfoset jaxrs/providers
 %pom_disable_module examples jaxrs
@@ -337,6 +339,9 @@ done
 %license jaxrs/License.html
 
 %changelog
+* Tue Jan 04 2022 wangkai <wangkai385@huawei.com> - 3.0.19-5
+- fix CVE-2020-1695
+
 * Thu Jun 10 2021 wangyue <wangyue92@huawei.com> - 3.0.19-4
 - fix CVE-2020-10688