diff --git a/.gitignore b/.gitignore
index bd70761..2f0ffee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,11 +1 @@
-awstats-7.0.tar.gz
-/awstats-7.1.tar.gz
-/awstats-7.1.1.tar.gz
-/awstats-7.2.tar.gz
-/awstats-7.3.tar.gz
-/awstats-7.4.tar.gz
-/awstats-7.6.tar.gz
-/awstats-7.7.tar.gz
 /awstats-7.8.tar.gz
-/awstats-7.9.tar.gz
-/awstats-8.0.tar.gz
diff --git a/awstats-7.9-httpd-2.4.patch b/awstats-7.0-httpd-2.4.patch
similarity index 74%
rename from awstats-7.9-httpd-2.4.patch
rename to awstats-7.0-httpd-2.4.patch
index a441127..2fe23b6 100644
--- a/awstats-7.9-httpd-2.4.patch
+++ b/awstats-7.0-httpd-2.4.patch
@@ -1,6 +1,7 @@
---- awstats-7.9/tools/httpd_conf.orig	2014-09-23 09:16:09.000000000 +0200
-+++ awstats-7.9/tools/httpd_conf	2023-01-18 23:30:18.097762242 +0100
-@@ -10,20 +10,26 @@
+diff -up awstats-7.0/tools/httpd_conf.http-2.4 awstats-7.0/tools/httpd_conf
+--- awstats-7.0/tools/httpd_conf.http-2.4	2012-11-16 16:11:07.612386681 +0100
++++ awstats-7.0/tools/httpd_conf	2012-11-16 16:44:24.921755562 +0100
+@@ -10,20 +10,33 @@
  
  #
  # Directives to add to your Apache conf file to allow use of AWStats as a CGI.
@@ -27,7 +28,14 @@
 -    Order allow,deny
 -    Allow from all
 +    <IfModule mod_authz_core.c>
++        # Apache 2.4	
 +        Require local
++    </IfModule>
++    <IfModule !mod_authz_core.c>
++        # Apache 2.2
++        Order allow,deny
++        Allow from 127.0.0.1
++        Allow from ::1
 +    </IfModule>
  </Directory>
 +# Additional Perl modules
diff --git a/awstats-CVE-2020-35176.patch b/awstats-CVE-2020-35176.patch
new file mode 100644
index 0000000..c954a95
--- /dev/null
+++ b/awstats-CVE-2020-35176.patch
@@ -0,0 +1,20 @@
+diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
+index e709b7f5..8341c0a5 100755
+--- a/wwwroot/cgi-bin/awstats.pl
++++ b/wwwroot/cgi-bin/awstats.pl
+@@ -1711,13 +1711,13 @@ sub Read_Config {
+ 	# Check config file in common possible directories :
+ 	# Windows :                   				"$DIR" (same dir than awstats.pl)
+ 	# Standard, Mandrake and Debian package :	"/etc/awstats"
+-	# Other possible directories :				"/usr/local/etc/awstats", "/etc"
++	# Other possible directories :				"/usr/local/etc/awstats",
+ 	# FHS standard, Suse package : 				"/etc/opt/awstats"
+ 	my $configdir         = shift;
+ 	my @PossibleConfigDir = (
+ 			"$DIR",
+ 			"/etc/awstats",
+-			"/usr/local/etc/awstats", "/etc",
++			"/usr/local/etc/awstats",
+ 			"/etc/opt/awstats"
+ 		); 
+ 
diff --git a/awstats-CVE-2022-46391.patch b/awstats-CVE-2022-46391.patch
new file mode 100644
index 0000000..bed1e7b
--- /dev/null
+++ b/awstats-CVE-2022-46391.patch
@@ -0,0 +1,13 @@
+diff --git a/wwwroot/cgi-bin/plugins/hostinfo.pm b/wwwroot/cgi-bin/plugins/hostinfo.pm
+index 95b2c20b7..1f0ac6994 100644
+--- a/wwwroot/cgi-bin/plugins/hostinfo.pm
++++ b/wwwroot/cgi-bin/plugins/hostinfo.pm
+@@ -181,7 +181,7 @@ sub BuildFullHTMLOutput_hostinfo {
+ 
+ 	&tab_head("Full Whois Field",0,0,'whois');
+ 	if ($w && $w->response()) {
+-		print "<tr><td class=\"aws\"><pre>".($w->response())."</pre></td></tr>\n";
++		print "<tr><td class=\"aws\"><pre>".CleanXSS($w->response())."</pre></td></tr>\n";
+ 	}
+ 	else {
+ 		print "<tr><td><br />The Whois command failed.<br />Did the server running AWStats is allowed to send WhoIs queries (If a firewall is running, port 43 should be opened from inside to outside) ?<br /><br /></td></tr>\n";
diff --git a/awstats.spec b/awstats.spec
index 6389fe6..cc3634f 100644
--- a/awstats.spec
+++ b/awstats.spec
@@ -1,16 +1,22 @@
 Name:       awstats
-Version:    8.0
-Release:    2%{?dist}
+Version:    7.8
+Release:    9%{?dist}
 Summary:    Advanced Web Statistics
-# Automatically converted from old format: GPLv3+ - review is highly recommended.
-License:    GPL-3.0-or-later
-URL:        https://www.awstats.org/
-Source0:    https://downloads.sourceforge.net/project/awstats/AWStats/%{version}/awstats-%{version}.tar.gz
+License:    GPLv3+
+URL:        http://awstats.sourceforge.net
+Source0:    http://downloads.sourceforge.net/project/awstats/AWStats/%{version}/awstats-%{version}.tar.gz
 Source1:    %{name}.cron
 Patch0:     awstats-awredir.pl-sanitize-parameters.patch
 
 # fix configuration for httpd 2.4 (#871366)
-Patch1:     awstats-7.9-httpd-2.4.patch
+Patch1:     awstats-7.0-httpd-2.4.patch
+
+# https://github.com/eldy/awstats/pull/196/commits/0d4d4c05f8e73be8f71dd361dc55cbd52858b823.diff
+Patch2:     awstats-CVE-2020-35176.patch
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=2150632
+# https://github.com/eldy/AWStats/commit/38682330e1ec3f3af95f9436640358b2d9e4a965.diff
+Patch3:     awstats-CVE-2022-46391.patch
 
 BuildArch:  noarch
 BuildRequires:  coreutils
@@ -18,7 +24,14 @@ BuildRequires:  findutils
 BuildRequires:  perl-interpreter
 BuildRequires:  perl-generators
 BuildRequires:  recode
-Requires:   perl-Net-IP, perl-Net-DNS, perl-Geo-IP
+Requires:   perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version))
+Requires:   perl-Net-IP, perl-Net-DNS
+# perl-Geo-IP and GeoIP are EOL and are not available in epel9
+# https://bugzilla.redhat.com/show_bug.cgi?id=2091875
+# https://bugzilla.redhat.com/show_bug.cgi?id=2066787
+%if 0%{?rhel} < 9
+Requires: perl-Geo-IP
+%endif
 Requires:   crontabs  
 Requires(post): perl-interpreter
 
@@ -50,8 +63,10 @@ http://localhost/awstats/awstats.pl
 
 %prep
 %setup -q
-%patch -P0 -p 1
-%patch -P1 -p 1
+%patch0 -p 1
+%patch1 -p 1
+%patch2 -p 1
+%patch3 -p 1
 
 # Fix style sheets.
 perl -pi -e 's,/icon,/awstatsicons,g' wwwroot/css/*
@@ -159,45 +174,12 @@ fi
 
 
 %changelog
-* Fri Jan 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 8.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
-
-* Sat Nov 22 2025 Tim Jackson <rpm@timj.co.uk> - 8.0-1
-* Update to 8.0
-
-* Wed Jul 23 2025 Fedora Release Engineering <releng@fedoraproject.org> - 7.9-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
-
-* Thu Jan 16 2025 Fedora Release Engineering <releng@fedoraproject.org> - 7.9-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
-
-* Thu Jul 25 2024 Miroslav Suchý <msuchy@redhat.com> - 7.9-6
-- convert license to SPDX
-
-* Wed Jul 17 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.9-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
-
-* Tue Jan 23 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.9-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.9-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
-
-* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7.9-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Wed Jan 18 2023 Tim Jackson <rpm@timj.co.uk> - 7.9-1
-- Version 7.9
-
-* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7.8-10
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
 * Mon Jan 09 2023 Tim Jackson <rpm@timj.co.uk> - 7.8-9
 - Fix CVE-2022-46391 (rhbz #2150632)
 - Clean up spec file, removing conditionals for now-obsolete releases
 
-* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.8-8
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+* Mon Aug  1 2022 Petr Lautrbach <plautrba@redhat.com> - 7.8-8
+- Do not require perl-Geo-IP which is EOL
 
 * Mon May 30 2022 Jitka Plesnikova <jplesnik@redhat.com> - 7.8-7
 - Perl 5.36 rebuild
diff --git a/sources b/sources
index 4008499..318d463 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (awstats-8.0.tar.gz) = b14f820e2ea6895baa0034828bba422d2f0dadd70387f682c1e9f25a72d8817ecf91127e254d6c6e7e7c866e02860a05112b0ac4452da7e71b2d9a6f57f21d03
+SHA512 (awstats-7.8.tar.gz) = b532f74a8b420841b1ae7eea73fd341049925af01688a06114f53807c14c6a4edc4ca4f671b2b9c1aee8024ba25ccf69b6eae391250e5722d2fd719de4cf87e2