diff --git a/.gitignore b/.gitignore
index 4aa48d2..7b95908 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@ libupnp-1.6.6.tar.bz2
 /libupnp-1.6.17.tar.bz2
 /libupnp-1.6.18.tar.bz2
 /libupnp-1.6.19.tar.bz2
+/libupnp-1.6.20.tar.bz2
diff --git a/0001-Don-t-allow-unhandled-POSTs-to-write-to-the-filesyst.patch b/0001-Don-t-allow-unhandled-POSTs-to-write-to-the-filesyst.patch
new file mode 100644
index 0000000..d59c688
--- /dev/null
+++ b/0001-Don-t-allow-unhandled-POSTs-to-write-to-the-filesyst.patch
@@ -0,0 +1,24 @@
+Originally:
+
+https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd
+
+But without the configure bits, because we're just going to leave it disabled
+anyway, and I don't feel like making autoreconf work.
+
+diff -up libupnp-1.6.20/upnp/src/genlib/net/http/webserver.c.jx libupnp-1.6.20/upnp/src/genlib/net/http/webserver.c
+--- libupnp-1.6.20/upnp/src/genlib/net/http/webserver.c.jx	2016-07-07 13:05:30.000000000 -0400
++++ libupnp-1.6.20/upnp/src/genlib/net/http/webserver.c	2016-07-18 14:02:23.920747068 -0400
+@@ -1367,9 +1367,13 @@ static int http_RecvPostMessage(
+ 		if (Fp == NULL)
+ 			return HTTP_INTERNAL_SERVER_ERROR;
+ 	} else {
++#ifdef UPNP_ENABLE_POST_WRITE
+ 		Fp = fopen(filename, "wb");
+ 		if (Fp == NULL)
+ 			return HTTP_UNAUTHORIZED;
++#else
++		return HTTP_NOT_FOUND;
++#endif
+ 	}
+ 	parser->position = POS_ENTITY;
+ 	do {
diff --git a/libupnp.spec b/libupnp.spec
index 9012dc4..3b1d893 100644
--- a/libupnp.spec
+++ b/libupnp.spec
@@ -1,7 +1,7 @@
-Version: 1.6.19
+Version: 1.6.20
 Summary: Universal Plug and Play (UPnP) SDK
 Name: libupnp
-Release: 5%{?dist}
+Release: 1%{?dist}
 License: BSD
 Group: System Environment/Libraries
 URL: http://www.libupnp.org/
@@ -10,6 +10,8 @@ Source: http://downloads.sourceforge.net/pupnp/%{name}-%{version}.tar.bz2
 %define docdeveldir %{_docdir}/%{name}-devel-%{version}
 %define docdir %{_docdir}/%{name}-%{version}
 
+Patch0: 0001-Don-t-allow-unhandled-POSTs-to-write-to-the-filesyst.patch
+
 %description
 The Universal Plug and Play (UPnP) SDK for Linux provides 
 support for building UPnP-compliant control points, devices, 
@@ -26,6 +28,7 @@ the UPnP SDK libraries.
 
 %prep
 %setup -q
+%patch0 -p1
 
 %build
 %configure --enable-static=no --enable-ipv6
@@ -61,6 +64,10 @@ make install DESTDIR=$RPM_BUILD_ROOT
 rm -rf %{buildroot}
 
 %changelog
+* Mon Jul 18 2016 Adam Jackson <ajax@redhat.com> - 1.6.20-1
+- libupnp 1.6.20
+- Don't write to the filesystem on unhandled POST requests
+
 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.19-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
 
diff --git a/sources b/sources
index bd27534..b54a200 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-ee16e5d33a3ea7506f38d71facc057dd  libupnp-1.6.19.tar.bz2
+6839c376b5ec71d2d56f7b64e829c438  libupnp-1.6.20.tar.bz2