diff --git a/.gitignore b/.gitignore
index 36e1cf7..70dc9b9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@
 /.build-*.log
 /noarch/
 /*.src.rpm
+/Xerces-J-src.2.12.0.tar.gz
diff --git a/sources b/sources
index b894cb9..e51e4e1 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-d01fc11eacbe43b45681cb85ac112ebf  Xerces-J-src.2.11.0.tar.gz
+SHA512 (Xerces-J-src.2.12.0.tar.gz) = b5c2925aa459a2beb5fe4ba90324038b258ff0c5bf40cd6562f1631a76881b12cc74203f0d9f9a60f5af2a61ea801f3f79d5e92f715424973d0e5ce7f80a44f4
diff --git a/xerces-j2-CVE-2013-4002.patch b/xerces-j2-CVE-2013-4002.patch
deleted file mode 100644
index a2f5516..0000000
--- a/xerces-j2-CVE-2013-4002.patch
+++ /dev/null
@@ -1,47 +0,0 @@
---- src/org/apache/xerces/impl/XMLScanner.java	2013/07/03 18:25:06	1499505
-+++ src/org/apache/xerces/impl/XMLScanner.java	2013/07/03 18:29:43	1499506
-@@ -542,7 +542,7 @@
-         // document is until we scan the encoding declaration
-         // you cannot reliably read any characters outside
-         // of the ASCII range here. -- mrglavas
--        String name = fEntityScanner.scanName();
-+        String name = scanPseudoAttributeName();
-         XMLEntityManager.print(fEntityManager.getCurrentEntity());
-         if (name == null) {
-             reportFatalError("PseudoAttrNameExpected", null);
-@@ -599,6 +599,35 @@
-     } // scanPseudoAttribute(XMLString):String
-     
-     /**
-+     * Scans the name of a pseudo attribute. The only legal names
-+     * in XML 1.0/1.1 documents are 'version', 'encoding' and 'standalone'.
-+     * 
-+     * @return the name of the pseudo attribute or <code>null</code>
-+     * if a legal pseudo attribute name could not be scanned.
-+     */
-+    private String scanPseudoAttributeName() throws IOException, XNIException {
-+        final int ch = fEntityScanner.peekChar();
-+        switch (ch) {
-+            case 'v':
-+                if (fEntityScanner.skipString(fVersionSymbol)) {
-+                    return fVersionSymbol;
-+                }
-+                break;
-+            case 'e':
-+                if (fEntityScanner.skipString(fEncodingSymbol)) {
-+                    return fEncodingSymbol;
-+                }
-+                break;
-+            case 's':
-+                if (fEntityScanner.skipString(fStandaloneSymbol)) {
-+                    return fStandaloneSymbol;
-+                }
-+                break;
-+        }
-+        return null;
-+    } // scanPseudoAttributeName()
-+    
-+    /**
-      * Scans a processing instruction.
-      * <p>
-      * <pre>
diff --git a/xerces-j2-build.patch b/xerces-j2-build.patch
index dde254c..7e7caaf 100644
--- a/xerces-j2-build.patch
+++ b/xerces-j2-build.patch
@@ -39,7 +39,7 @@
      <!-- substitute tokens as needed -->
      <replace file="${build.dir}/src/org/apache/xerces/impl/Version.java" 
               token="@@VERSION@@" value="${parser.Name} ${parser.Version}"/>
-@@ -1231,30 +1206,6 @@
+@@ -1232,30 +1207,6 @@
      <!-- HACK: Remove reference to XML11Configurable from SAX parser -->
      <replace file="${build.dir}/src/org/apache/xerces/parsers/AbstractSAXParser.java"
               token="return (fConfiguration instanceof XML11Configurable);" value="return false;"/>
diff --git a/xerces-j2-manifest.patch b/xerces-j2-manifest.patch
index 524e8ec..413fa8b 100644
--- a/xerces-j2-manifest.patch
+++ b/xerces-j2-manifest.patch
@@ -13,5 +13,5 @@
 +Require-Bundle: system.bundle,javax.xml;visibility:=reexport, org.apache.xml.resolver;bundle-version="[1.2.0,2.0.0)";visibility:=reexport,org.apache.xml.serializer;bundle-version="[2.7.1,3.0.0)"
 +Export-Package: META-INF.services;version="@impl.version@",org.apache.html.dom;version="@impl.version@",org.apache.wml;version="@impl.version@",org.apache.wml.dom;version="@impl.version@",org.apache.xerces.dom;version="@impl.version@",org.apache.xerces.dom.events;version="@impl.version@",org.apache.xerces.dom3.as;version="@impl.version@",org.apache.xerces.impl;version="@impl.version@",org.apache.xerces.impl.dtd;version="@impl.version@",org.apache.xerces.impl.dtd.models;version="@impl.version@",org.apache.xerces.impl.dv;version="@impl.version@",org.apache.xerces.impl.dv.dtd;version="@impl.version@",org.apache.xerces.impl.dv.util;version="@impl.version@",org.apache.xerces.impl.dv.xs;version="@impl.version@",org.apache.xerces.impl.io;version="@impl.version@",org.apache.xerces.impl.msg;version="@impl.version@",org.apache.xerces.impl.validation;version="@impl.version@",org.apache.xerces.impl.xpath;version="@impl.version@",org.apache.xerces.impl.xpath.regex;version="@impl.version@",org.apache.xerces.impl.xs;version="@impl.version@",org.apache.xerces.impl.xs.identity;version="@impl.version@",org.apache.xerces.impl.xs.models;version="@impl.version@",org.apache.xerces.impl.xs.opti;version="@impl.version@",org.apache.xerces.impl.xs.traversers;version="@impl.version@",org.apache.xerces.impl.xs.util;version="@impl.version@",org.apache.xerces.jaxp;version="@impl.version@",org.apache.xerces.jaxp.datatype;version="@impl.version@",org.apache.xerces.jaxp.validation;version="@impl.version@",org.apache.xerces.parsers;version="@impl.version@",org.apache.xerces.stax;version="@impl.version@",org.apache.xerces.stax.events;version="@impl.version@",org.apache.xerces.util;version="@impl.version@",org.apache.xerces.xinclude;version="@impl.version@",org.apache.xerces.xni;version="@impl.version@",org.apache.xerces.xni.grammars;version="@impl.version@",org.apache.xerces.xni.parser;version="@impl.version@",org.apache.xerces.xpointer;version="@impl.version@",org.apache.xerces.xs;version="@impl.version@",org.apache.xerces.xs.datatypes;version="@impl.version@",org.apache.xml.serialize;version="@impl.version@",org.w3c.dom.html;version="@impl.version@"
  
- Name: org/apache/xerces/impl/Version.class
+ Name: org/apache/xerces/impl/
  Comment: @impl.name@ 
diff --git a/xerces-j2.spec b/xerces-j2.spec
index 5f416bf..f802347 100644
--- a/xerces-j2.spec
+++ b/xerces-j2.spec
@@ -1,10 +1,10 @@
-%global cvs_version 2_11_0
+%global cvs_version 2_12_0
 
 %define __requires_exclude system.bundle
 
 Name:          xerces-j2
-Version:       2.11.0
-Release:       34%{?dist}
+Version:       2.12.0
+Release:       1%{?dist}
 Summary:       Java XML parser
 # Most of the source is ASL 2.0
 # W3C licensed files:
@@ -34,10 +34,6 @@ Patch0:        %{name}-build.patch
 # Patch the manifest so that it includes OSGi stuff
 Patch1:        %{name}-manifest.patch
 
-# Backported fix from upstream http://svn.apache.org/viewvc?view=revision&revision=1499506
-# See https://bugzilla.redhat.com/show_bug.cgi?id=1140031
-Patch2:        xerces-j2-CVE-2013-4002.patch
-
 BuildArch:     noarch
 
 BuildRequires: javapackages-local
@@ -115,7 +111,6 @@ Requires:       %{name} = %{version}-%{release}
 %setup -q -n xerces-%{cvs_version}
 %patch0 -p0 -b .orig
 %patch1 -p0 -b .orig
-%patch2 -p0 -b .orig
 
 # Copy the custom ant tasks into place
 mkdir -p tools/org/apache/xerces/util
@@ -203,6 +198,9 @@ ln -sf %{name}.jar %{_javadir}/jaxp_parser_impl.jar
 %{_datadir}/%{name}
 
 %changelog
+* Mon Nov 19 2018 Marian Koncek <mkoncek@redhat.com> - 2.12.0-1
+- Update to upstream version 2.12.0
+
 * Fri Aug 03 2018 Michael Simacek <msimacek@redhat.com> - 2.11.0-34
 - Fix license tag to include W3C
 
