diff --git a/assimp-5.0.1-unbundle.patch b/assimp-5.0.1-unbundle.patch
index 0d937d5..0414ab9 100644
--- a/assimp-5.0.1-unbundle.patch
+++ b/assimp-5.0.1-unbundle.patch
@@ -1,6 +1,5 @@
-diff -up ./CMakeLists.txt.unbundle ./CMakeLists.txt
 --- ./CMakeLists.txt.unbundle	2020-01-12 06:56:40.000000000 -0500
-+++ ./CMakeLists.txt	2021-02-27 15:46:23.408557445 -0500
++++ ./CMakeLists.txt	2021-09-11 12:22:08.270359054 -0400
 @@ -485,6 +485,27 @@ IF ( ASSIMP_NO_EXPORT )
    MESSAGE( STATUS "Build an import-only version of Assimp." )
  ENDIF( ASSIMP_NO_EXPORT )
@@ -29,9 +28,8 @@ diff -up ./CMakeLists.txt.unbundle ./CMakeLists.txt
  SET ( ASSIMP_BUILD_ARCHITECTURE "" CACHE STRING
    "describe the current architecture."
  )
-diff -up ./code/Blender/BlenderTessellator.h.unbundle ./code/Blender/BlenderTessellator.h
 --- ./code/Blender/BlenderTessellator.h.unbundle	2020-01-12 06:56:40.000000000 -0500
-+++ ./code/Blender/BlenderTessellator.h	2021-02-27 15:46:23.408557445 -0500
++++ ./code/Blender/BlenderTessellator.h	2021-09-11 12:22:08.271359063 -0400
 @@ -144,11 +144,7 @@ namespace Assimp
  
  #if ASSIMP_BLEND_WITH_POLY_2_TRI
@@ -44,9 +42,8 @@ diff -up ./code/Blender/BlenderTessellator.h.unbundle ./code/Blender/BlenderTess
  
  namespace Assimp
  {
-diff -up ./code/CMakeLists.txt.unbundle ./code/CMakeLists.txt
 --- ./code/CMakeLists.txt.unbundle	2020-01-12 06:56:40.000000000 -0500
-+++ ./code/CMakeLists.txt	2021-02-27 15:46:23.408557445 -0500
++++ ./code/CMakeLists.txt	2021-09-11 12:22:08.271359063 -0400
 @@ -874,7 +874,7 @@ IF(HUNTER_ENABLED)
    hunter_add_package(utf8)
    find_package(utf8 CONFIG REQUIRED)
@@ -176,9 +173,8 @@ diff -up ./code/CMakeLists.txt.unbundle ./code/CMakeLists.txt
  ENDIF(HUNTER_ENABLED)
  
  if(ASSIMP_ANDROID_JNIIOSYSTEM)
-diff -up ./code/Common/BaseImporter.cpp.unbundle ./code/Common/BaseImporter.cpp
---- ./code/Common/BaseImporter.cpp.unbundle	2021-02-27 15:47:27.432812387 -0500
-+++ ./code/Common/BaseImporter.cpp	2021-02-27 15:47:58.526936201 -0500
+--- ./code/Common/BaseImporter.cpp.unbundle	2020-01-12 06:56:40.000000000 -0500
++++ ./code/Common/BaseImporter.cpp	2021-09-11 12:22:08.272359072 -0400
 @@ -341,11 +341,7 @@ std::string BaseImporter::GetExtension(
      return false;
  }
@@ -192,9 +188,8 @@ diff -up ./code/Common/BaseImporter.cpp.unbundle ./code/Common/BaseImporter.cpp
  
  // ------------------------------------------------------------------------------------------------
  // Convert to UTF8 data
-diff -up ./code/Importer/IFC/IFCGeometry.cpp.unbundle ./code/Importer/IFC/IFCGeometry.cpp
 --- ./code/Importer/IFC/IFCGeometry.cpp.unbundle	2020-01-12 06:56:40.000000000 -0500
-+++ ./code/Importer/IFC/IFCGeometry.cpp	2021-02-27 15:46:23.408557445 -0500
++++ ./code/Importer/IFC/IFCGeometry.cpp	2021-09-11 12:22:08.272359072 -0400
 @@ -49,13 +49,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  #include "Common/PolyTools.h"
  #include "PostProcessing/ProcessHelper.h"
@@ -211,9 +206,8 @@ diff -up ./code/Importer/IFC/IFCGeometry.cpp.unbundle ./code/Importer/IFC/IFCGeo
  
  #include <memory>
  #include <iterator>
-diff -up ./code/Importer/IFC/IFCOpenings.cpp.unbundle ./code/Importer/IFC/IFCOpenings.cpp
 --- ./code/Importer/IFC/IFCOpenings.cpp.unbundle	2020-01-12 06:56:40.000000000 -0500
-+++ ./code/Importer/IFC/IFCOpenings.cpp	2021-02-27 15:46:23.409557449 -0500
++++ ./code/Importer/IFC/IFCOpenings.cpp	2021-09-11 12:22:08.273359081 -0400
 @@ -49,13 +49,8 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  #include "Common/PolyTools.h"
  #include "PostProcessing/ProcessHelper.h"
@@ -230,9 +224,8 @@ diff -up ./code/Importer/IFC/IFCOpenings.cpp.unbundle ./code/Importer/IFC/IFCOpe
  
  #include <iterator>
  
-diff -up ./code/Importer/STEPParser/STEPFileEncoding.cpp.unbundle ./code/Importer/STEPParser/STEPFileEncoding.cpp
---- ./code/Importer/STEPParser/STEPFileEncoding.cpp.unbundle	2021-02-27 15:48:15.993005751 -0500
-+++ ./code/Importer/STEPParser/STEPFileEncoding.cpp	2021-02-27 15:48:37.161090042 -0500
+--- ./code/Importer/STEPParser/STEPFileEncoding.cpp.unbundle	2020-01-12 06:56:40.000000000 -0500
++++ ./code/Importer/STEPParser/STEPFileEncoding.cpp	2021-09-11 12:22:08.273359081 -0400
 @@ -45,11 +45,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE
   */
  #include "STEPFileEncoding.h"
@@ -246,9 +239,8 @@ diff -up ./code/Importer/STEPParser/STEPFileEncoding.cpp.unbundle ./code/Importe
  
  #include <memory>
  
-diff -up ./code/MMD/MMDPmxParser.cpp.unbundle ./code/MMD/MMDPmxParser.cpp
---- ./code/MMD/MMDPmxParser.cpp.unbundle	2021-02-27 15:50:16.110484046 -0500
-+++ ./code/MMD/MMDPmxParser.cpp	2021-02-27 15:50:57.573649134 -0500
+--- ./code/MMD/MMDPmxParser.cpp.unbundle	2020-01-12 06:56:40.000000000 -0500
++++ ./code/MMD/MMDPmxParser.cpp	2021-09-11 12:22:08.273359081 -0400
 @@ -42,11 +42,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  #include <utility>
  #include "MMDPmxParser.h"
@@ -262,9 +254,8 @@ diff -up ./code/MMD/MMDPmxParser.cpp.unbundle ./code/MMD/MMDPmxParser.cpp
  #include <assimp/Exceptional.h>
  
  namespace pmx
-diff -up ./code/SIB/SIBImporter.cpp.unbundle ./code/SIB/SIBImporter.cpp
---- ./code/SIB/SIBImporter.cpp.unbundle	2021-02-27 15:48:54.037157241 -0500
-+++ ./code/SIB/SIBImporter.cpp	2021-02-27 15:49:24.194277325 -0500
+--- ./code/SIB/SIBImporter.cpp.unbundle	2020-01-12 06:56:40.000000000 -0500
++++ ./code/SIB/SIBImporter.cpp	2021-09-11 12:22:08.274359089 -0400
 @@ -59,12 +59,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  #include <assimp/ByteSwapper.h>
  #include <assimp/StreamReader.h>
@@ -279,3 +270,14 @@ diff -up ./code/SIB/SIBImporter.cpp.unbundle ./code/SIB/SIBImporter.cpp
  #include <assimp/IOSystem.hpp>
  #include <assimp/DefaultLogger.hpp>
  #include <assimp/scene.h>
+--- ./samples/SimpleTexturedOpenGL/SimpleTexturedOpenGL/src/model_loading.cpp.unbundle	2021-09-11 12:47:39.249727225 -0400
++++ ./samples/SimpleTexturedOpenGL/SimpleTexturedOpenGL/src/model_loading.cpp	2021-09-11 12:22:39.456631581 -0400
+@@ -19,7 +19,7 @@
+ #include <GL/glu.h>
+ 
+ #define STB_IMAGE_IMPLEMENTATION
+-#include "contrib/stb_image/stb_image.h"
++#include "stb_image.h"
+ 
+ #include <fstream>
+ 
diff --git a/assimp.spec b/assimp.spec
index 1751c2c..29529d7 100644
--- a/assimp.spec
+++ b/assimp.spec
@@ -1,7 +1,7 @@
 %undefine __cmake_in_source_build
 Name:           assimp
 Version:        5.0.1
-Release:        3%{?dist}
+Release:        7%{?dist}
 Summary:        Library to import various 3D model formats into applications
 
 # Assimp is BSD
@@ -12,7 +12,7 @@ Summary:        Library to import various 3D model formats into applications
 # Bundled contrib/unzip is zlib
 # Bundled contrib/zip is unlicense
 # Bundled contrib/zlib is zlib
-License:        BSD and MIT and Boost and unlicense and zlib
+License:        BSD and MIT and Boost and Unlicense and zlib
 URL:            https://github.com/assimp/assimp
 
 # Github releases include nonfree models, source tarball must be re-generated
@@ -49,15 +49,37 @@ BuildRequires:  pkgconfig(zlib)
 BuildRequires:  pkgconfig(python3)
 BuildRequires:  poly2tri-devel
 BuildRequires:  python3-devel
+# Need to BR -static packages for header-only libraries for tracking, per
+# guidelines
 BuildRequires:  rapidjson-devel
+BuildRequires:  rapidjson-static
+# Enforce the the minimum EVR to contain fixes for all of:
+# CVE-2021-28021
+# CVE-2021-42715
+# CVE-2021-42716
+# CVE-2022-28041
+# CVE-2023-43898
+# CVE-2023-45661
+# CVE-2023-45662
+# CVE-2023-45663
+# CVE-2023-45664
+# CVE-2023-45666
+# CVE-2023-45667
+%if 0%{?el7} || 0%{?el8}
+%global min_stb_image 2.28-0.39.20231011gitbeebb24
+%else
+%global min_stb_image 2.28^20231011gitbeebb24-12
+%endif
+BuildRequires:  stb_image-devel >= %{min_stb_image}
+BuildRequires:  stb_image-static
 BuildRequires:  utf8cpp-devel
+BuildRequires:  utf8cpp-static
 
 # Incompatible - https://github.com/assimp/assimp/issues/788
 #BuildRequires: pkgconfig(polyclipping)
 Provides: bundled(polyclipping) = 4.8.8
 Provides: bundled(open3dgc)
 Provides: bundled(openddl-parser)
-Provides: bundled(stb_image)
 Provides: bundled(unzip)
 Provides: bundled(minzip)
 Provides: bundled(zlib)
@@ -105,6 +127,7 @@ rm -r contrib/android-cmake
 rm -r contrib/irrXML
 rm -r contrib/poly2tri
 rm -r contrib/rapidjson
+rm -r contrib/stb_image
 rm -r contrib/utf8cpp
 
 %patch0 -p1 -b .unbundle
@@ -171,6 +194,20 @@ rm -f %{buildroot}%{_libdir}/libzlibstatic.a
 %endif
 
 %changelog
+* Fri Oct 27 2023 Benjamin A. Beasley <code@musicinmybrain.net> - 5.0.1-7
+- Ensure stb_image contains the latest CVE patches
+- Fixes RHBZ#2246108, RHBZ#2246114
+
+* Sat Apr 23 2022 Benjamin A. Beasley <code@musicinmybrain.net> - 5.0.1-6
+- Security fix for CVE-2022-28041
+
+* Thu Dec 30 2021 Rich Mattes <richmattes@gmail.com> - 5.0.1-5
+- Correct Unlicense shortname (rhbz#2036000)
+
+* Sat Sep 11 2021 Benjamin A. Beasley <code@musicinmybrain.net> - 5.0.1-4
+- Unbundle stb_image
+- Add -static BR’s for header-only libraries utf8cpp and rapidjson
+
 * Mon Mar 29 2021 Rich Mattes <richmattes@gmail.com> - 5.0.1-3
 - Fix library install dir specification (rhbz#1943862)
 - Remove un-needed build dependency on ILUT