diff --git a/.gitignore b/.gitignore
index a426298..2b10e87 100644
--- a/.gitignore
+++ b/.gitignore
@@ -45,3 +45,5 @@
 /cryptography-36.0.0-vendor.tar.bz2
 /cryptography-37.0.2.tar.gz
 /cryptography-37.0.2-vendor.tar.bz2
+/cryptography-39.0.1.tar.gz
+/cryptography-39.0.1-vendor.tar.bz2
diff --git a/python-cryptography.spec b/python-cryptography.spec
index 5055a5b..986c47a 100644
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@@ -5,8 +5,8 @@
 %global srcname cryptography
 
 Name:           python-%{srcname}
-Version:        37.0.2
-Release:        8%{?dist}
+Version:        39.0.1
+Release:        1%{?dist}
 Summary:        PyCA's cryptography library
 
 # cryptography is dual licensed under the Apache-2.0 and BSD-3-Clause,
@@ -125,6 +125,10 @@ PYTHONPATH=${PWD}/vectors:%{buildroot}%{python3_sitearch} \
 %{python3_sitearch}/%{srcname}-%{version}-py*.egg-info
 
 %changelog
+* Mon Feb 20 2023 Maxwell G <maxwell@gtmx.me> - 39.0.1-1
+- Update to 39.0.1. Fixes rhbz#2124729.
+- Mitigate CVE-2023-23931.
+
 * Thu Jan 26 2023 Fabio Valentini <decathorpe@gmail.com> - 37.0.2-8
 - Ensure correct compiler flags are used for Rust code.
 
diff --git a/sources b/sources
index 536e11b..92f6e72 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (cryptography-37.0.2.tar.gz) = ca6b1e983e79a130b47b1f7cdabeb6041a6102f57483f0820f7bcc6a67e0112b7691f09caa7f391de5aed0a2fee26f394688823da2cd4c8beab553732ac6a305
-SHA512 (cryptography-37.0.2-vendor.tar.bz2) = d100fff9406063c7eb1d0caf7f389c15e49715928ae6c9ec7fd60e97f363ea3590d145e8e7f74958ce4857f60e9e4cd28ac69ef44f9e0dc0730e5d08b073bd9b
+SHA512 (cryptography-39.0.1.tar.gz) = 5da6432b73d19c6999d664b06ade833e395671458a25dc50999e1dd19a820050c4c1ad4b21aa8e749db6d81543a492c39143ce23346732408f8133223ead5f80
+SHA512 (cryptography-39.0.1-vendor.tar.bz2) = 4e92ec50e01f99e160ab6c5e12fbd7e1297aaa2dfb5f0f35019308a44661e938a082c9a4ce0d9b5fbe1ed94cde49ae6b193c3f3f7035e9f5f5a97f2108595667