diff --git a/.gitignore b/.gitignore
index ad00ef6..17e801f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/slf4j-1.7.25.tar.gz
+SOURCES/slf4j-1.7.28.tar.gz
diff --git a/.slf4j.metadata b/.slf4j.metadata
index 3209f5d..c799724 100644
--- a/.slf4j.metadata
+++ b/.slf4j.metadata
@@ -1 +1 @@
-f564e3825b62172e81874ec73fafcc2747fb3d3b SOURCES/slf4j-1.7.25.tar.gz
+f57e8e97d434bdcd8ba87ab9933d8de64bafb071 SOURCES/slf4j-1.7.28.tar.gz
diff --git a/SOURCES/0001-Disallow-EventData-deserialization-by-default.patch b/SOURCES/0001-Disallow-EventData-deserialization-by-default.patch
deleted file mode 100644
index f77a14e..0000000
--- a/SOURCES/0001-Disallow-EventData-deserialization-by-default.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From b1c0ca75ca38a7a8b50bfdfdf2c324169a6ddf02 Mon Sep 17 00:00:00 2001
-From: Michael Simacek <msimacek@redhat.com>
-Date: Mon, 19 Mar 2018 16:01:57 +0100
-Subject: [PATCH] Disallow EventData deserialization by default
-
----
- .../src/main/java/org/slf4j/ext/EventData.java      | 21 +++++++++++++++------
- 1 file changed, 15 insertions(+), 6 deletions(-)
-
-diff --git a/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java b/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java
-index dc5b502..fa5c125 100644
---- a/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java
-+++ b/slf4j-ext/src/main/java/org/slf4j/ext/EventData.java
-@@ -76,12 +76,21 @@ public class EventData implements Serializable {
-      */
-     @SuppressWarnings("unchecked")
-     public EventData(String xml) {
--        ByteArrayInputStream bais = new ByteArrayInputStream(xml.getBytes());
--        try {
--            XMLDecoder decoder = new XMLDecoder(bais);
--            this.eventData = (Map<String, Object>) decoder.readObject();
--        } catch (Exception e) {
--            throw new EventException("Error decoding " + xml, e);
-+        if ("1".equals(System.getProperty("org.slf4j.ext.allowInsecureDeserialization"))) {
-+            ByteArrayInputStream bais = new ByteArrayInputStream(xml.getBytes());
-+            try {
-+                XMLDecoder decoder = new XMLDecoder(bais);
-+                this.eventData = (Map<String, Object>) decoder.readObject();
-+            } catch (Exception e) {
-+                throw new EventException("Error decoding " + xml, e);
-+            }
-+        } else {
-+            throw new UnsupportedOperationException(
-+                    "Constructing EventData from XML is vulnerable to remote " +
-+                    "excution and is not allowed by default. If you're " +
-+                    "completely sure the source data is trusted, you can enable " +
-+                    "it by setting org.slf4j.ext.allowInsecureDeserialization " +
-+                    "JVM property to 1");
-         }
-     }
- 
--- 
-2.14.3
-
diff --git a/SPECS/slf4j.spec b/SPECS/slf4j.spec
index c16bcea..c3c3e6c 100644
--- a/SPECS/slf4j.spec
+++ b/SPECS/slf4j.spec
@@ -29,23 +29,18 @@
 #
 
 Name:           slf4j
-Version:        1.7.25
-Release:        4%{?dist}
-Epoch:          0
+Version:        1.7.28
+Release:        3%{?dist}
 Summary:        Simple Logging Facade for Java
 # the log4j-over-slf4j and jcl-over-slf4j submodules are ASL 2.0, rest is MIT
 License:        MIT and ASL 2.0
 URL:            http://www.slf4j.org/
 Source0:        http://www.slf4j.org/dist/%{name}-%{version}.tar.gz
 Source1:        http://www.apache.org/licenses/LICENSE-2.0.txt
-Patch0:         0001-Disallow-EventData-deserialization-by-default.patch
 BuildArch:      noarch
 
-BuildRequires:  maven-local
-BuildRequires:  mvn(ch.qos.cal10n:cal10n-api)
-BuildRequires:  mvn(commons-lang:commons-lang)
+BuildRequires:  maven-local-openjdk8
 BuildRequires:  mvn(commons-logging:commons-logging)
-BuildRequires:  mvn(javassist:javassist)
 BuildRequires:  mvn(log4j:log4j:1.2.17)
 BuildRequires:  mvn(org.apache.maven.plugins:maven-antrun-plugin)
 BuildRequires:  mvn(org.apache.maven.plugins:maven-source-plugin)
@@ -63,11 +58,8 @@ SLF4J interfaces directly, e.g. NLOG4J or SimpleLogger. Alternatively,
 it is possible (and rather easy) to write SLF4J adapters for the given
 API implementation, e.g. Log4jLoggerAdapter or JDK14LoggerAdapter..
 
-%package javadoc
-Summary:        API documentation for %{name}
-
-%description javadoc
-This package provides %{summary}.
+%{?module_package}
+%{?javadoc_package}
 
 %package manual
 Summary:        Manual for %{name}
@@ -93,16 +85,10 @@ Summary:        SLF4J JCL Binding
 %description jcl
 SLF4J JCL Binding.
 
-%package ext
-Summary:        SLF4J Extensions Module
-
-%description ext
-Extensions to the SLF4J API.
-
-%package -n jcl-over-slf4j
+%package -n %{?module_prefix}jcl-over-slf4j
 Summary:        JCL 1.1.1 implemented over SLF4J
 
-%description -n jcl-over-slf4j
+%description -n %{?module_prefix}jcl-over-slf4j
 JCL 1.1.1 implemented over SLF4J.
 
 %package -n log4j-over-slf4j
@@ -125,13 +111,13 @@ SLF4J Source JARs.
 
 %prep
 %setup -q
-%patch0 -p1
 find . -name "*.jar" | xargs rm
 cp -p %{SOURCE1} APACHE-LICENSE
 
 %pom_disable_module integration
 %pom_disable_module osgi-over-slf4j
 %pom_disable_module slf4j-android
+%pom_disable_module slf4j-ext
 %pom_disable_module slf4j-migrator
 
 # Because of a non-ASCII comment in slf4j-api/src/main/java/org/slf4j/helpers/MessageFormatter.java
@@ -179,7 +165,7 @@ sed -i "/Import-Package/s/.$/;resolution:=optional&/" slf4j-api/src/main/resourc
 %mvn_package :%{name}-nop
 
 %build
-%mvn_build -f -s
+%mvn_build -f -s -- -Drequired.jdk.version=1.6
 
 %install
 # Compat symlinks
@@ -192,28 +178,43 @@ install -d -m 0755 $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}-manual
 rm -rf target/site/{.htaccess,apidocs}
 cp -pr target/site/* $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}-manual
 
-%files -f .mfiles
+%files -n %{?module_prefix}%{name} -f .mfiles
 %license LICENSE.txt APACHE-LICENSE
 
 %files jdk14 -f .mfiles-%{name}-jdk14
 %files log4j12 -f .mfiles-%{name}-log4j12
 %files jcl -f .mfiles-%{name}-jcl
-%files ext -f .mfiles-%{name}-ext
-%files -n jcl-over-slf4j -f .mfiles-jcl-over-slf4j
+%files -n %{?module_prefix}jcl-over-slf4j -f .mfiles-jcl-over-slf4j
 %files -n log4j-over-slf4j -f .mfiles-log4j-over-slf4j
 %files -n jul-to-slf4j -f .mfiles-jul-to-slf4j
 
 %files sources -f .mfiles-sources
 %license LICENSE.txt APACHE-LICENSE
 
-%files javadoc -f .mfiles-javadoc
-%license LICENSE.txt APACHE-LICENSE
-
 %files manual
 %license LICENSE.txt APACHE-LICENSE
 %{_defaultdocdir}/%{name}-manual
 
 %changelog
+* Sat Jan 25 2020 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7.28-3
+- Build with OpenJDK 8
+
+* Tue Nov 05 2019 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7.28-2
+- Mass rebuild for javapackages-tools 201902
+
+* Tue Aug 13 2019 Marian Koncek <mkoncek@redhat.com> - 1.7.28-1
+- Update to upstream version 1.7.28
+
+* Fri May 24 2019 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7.26-3
+- Mass rebuild for javapackages-tools 201901
+
+* Fri May 24 2019 Mikolaj Izdebski <mizdebsk@redhat.com> - 1.7.26-2
+- Disable slf4j-ext module
+
+* Wed Feb 27 2019 Marian Koncek <mkoncek@redhat.com> - 0:1.7.26-1
+- Update to upstream version 1.7.26
+- Fixes: RHBZ #1678877
+
 * Mon Mar 19 2018 Michael Simacek <msimacek@redhat.com> - 0:1.7.25-4
 - Disallow EventData deserialization by default (CVE-2018-8088)
 - Resolves rhbz#1549928