diff --git a/ark-16.08.3-security.patch b/ark-16.08.3-security.patch
new file mode 100644
index 0000000..107524c
--- /dev/null
+++ b/ark-16.08.3-security.patch
@@ -0,0 +1,12 @@
+diff -up ark-16.08.3/part/part.cpp.orig ark-16.08.3/part/part.cpp
+--- ark-16.08.3/part/part.cpp.orig 2017-01-10 13:18:12.585400846 +0100
++++ ark-16.08.3/part/part.cpp 2017-01-10 13:18:42.270278115 +0100
+@@ -945,7 +945,7 @@ void Part::slotOpenExtractedEntry(KJob *
+ } else {
+ KRun::runUrl(QUrl::fromUserInput(fullName, QString(), QUrl::AssumeLocalFile),
+ QMimeDatabase().mimeTypeForFile(fullName).name(),
+- widget());
++ widget(), false, false);
+ }
+ } else if (job->error() != KJob::KilledJobError) {
+ KMessageBox::error(widget(), job->errorString());
diff --git a/ark.spec b/ark.spec
index 0e0d73d..9a02bc0 100644
--- a/ark.spec
+++ b/ark.spec
@@ -5,7 +5,7 @@
 Name: ark
 Summary: Archive manager
 Version: 16.08.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+
 URL: https://quickgit.kde.org/?p=%{name}.git
@@ -21,6 +21,7 @@ Source0: http://download.kde.org/%{stable}/applications/%{version}/src/%{name}-%
 ## upstreamable patches
 ## upstream patches
+Patch0: ark-16.08.3-security.patch
 BuildRequires: bzip2-devel
 BuildRequires: desktop-file-utils
@@ -89,7 +90,7 @@ Provides: ark-part%{?_isa} = %{version}-%{release}
 %prep
-%autosetup
+%autosetup -p1
 %build
@@ -155,6 +156,9 @@ fi
 %changelog
+* Tue Jan 10 2017 Than Ngo - 16.08.3-2
+- fix the security issue in ark, stop running executables when opening urls
+
 * Mon Dec 05 2016 Rex Dieter - 16.08.3-1
 - 16.08.3
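Review bot: In the part/part.cpp hunk carried by ark-16.08.3-security.patch, the two bare `false` arguments added to `KRun::runUrl(...)` are the entire security fix, yet nothing at the call site says what they mean. In KIO's `KRun::runUrl` the fourth and fifth parameters are `tempFile` and `runExecutables`, so the new call stops an entry opened from an archive from being executed. A comment above the call, such as `// tempFile=false, runExecutables=false: never execute a file extracted from an archive`, would keep a later cleanup from dropping them as redundant defaults. The `if` branch before `} else {` and the rest of `slotOpenExtractedEntry` lie outside the hunk, so whether the other open path needs the same restriction cannot be checked from here.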
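Review bot: `Patch0: ark-16.08.3-security.patch` in the second ark.spec hunk is filed under `## upstream patches` with no record of where it came from, and the new %changelog entry only says "the security issue". A comment line above `Patch0`, e.g. `# <upstream commit or advisory reference>`, with the same reference repeated in the changelog line, would let the next rebase tell whether the new upstream release already contains the fix and the patch can be dropped. The patch's own header uses `ark-16.08.3/part/part.cpp` paths, which is consistent with the `-p1` added to `%autosetup`.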