diff --git a/SPECS/httpd/CVE-1999-0236.nopatch b/SPECS/httpd/CVE-1999-0236.nopatch
new file mode 100644
index 00000000000..6203cad9936
--- /dev/null
+++ b/SPECS/httpd/CVE-1999-0236.nopatch
@@ -0,0 +1 @@
+# CVE-1999-0236 must be mitigated by the user. See "Server Side Includes" on https://httpd.apache.org/docs/2.4/misc/security_tips.html
\ No newline at end of file
diff --git a/SPECS/httpd/CVE-1999-1412.nopatch b/SPECS/httpd/CVE-1999-1412.nopatch
new file mode 100644
index 00000000000..72ff0709300
--- /dev/null
+++ b/SPECS/httpd/CVE-1999-1412.nopatch
@@ -0,0 +1 @@
+# CVE-1999-1412 applies only to MacOS X
\ No newline at end of file
diff --git a/SPECS/httpd/httpd.spec b/SPECS/httpd/httpd.spec
index 16a0ff832c0..4b9aecdbf47 100644
--- a/SPECS/httpd/httpd.spec
+++ b/SPECS/httpd/httpd.spec
@@ -1,7 +1,7 @@
 Summary:        The Apache HTTP Server
 Name:           httpd
 Version:        2.4.46
-Release:        1%{?dist}
+Release:        2%{?dist}
 License:        ASL 2.0
 URL:            https://httpd.apache.org/
 Group:          Applications/System
@@ -11,6 +11,11 @@ Source0:        https://archive.apache.org/dist/%{name}/%{name}-%{version}.tar.b
 Patch0:         httpd-blfs_layout-1.patch
 Patch1:         httpd-uncomment-ServerName.patch
 
+# CVE-1999-0236 must be mitigated by the user. See "Server Side Includes" at https://httpd.apache.org/docs/2.4/misc/security_tips.html
+Patch100: CVE-1999-0236.nopatch
+# CVE-1999-1412 applies only to MacOS X
+Patch101: CVE-1999-1412.nopatch
+
 BuildRequires:  openssl
 BuildRequires:  openssl-devel
 BuildRequires:  pcre-devel
@@ -185,17 +190,16 @@ fi
 %{_bindir}/dbmmanage
 
 %changelog
-* Tue Aug 18 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 2.4.46-1
-- Updated to 2.4.46 to resolve CVE-2020-11984.
-
-* Tue May 19 2020 Ruying Chen <v-ruyche@microsoft.com> 2.4.43-1
-- Updated to 2.4.43 to resolve the following CVEs
-- CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097
-- CVE-2019-10098, CVE-2020-1927, CVE-2020-1934
-
-* Sat May 09 00:20:57 PST 2020 Nick Samson <nisamson@microsoft.com> - 2.4.39-4
-- Added %%license line automatically
-
+*   Mon Sep 28 2020 Daniel McIlvaney <damcilva@microsoft.com> 2.4.46-2
+-   Mark CVE-1999-0236 CVE-1999-1412 as nopatch
+*   Tue Aug 18 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 2.4.46-1
+-   Updated to 2.4.46 to resolve CVE-2020-11984.
+*   Tue May 19 2020 Ruying Chen <v-ruyche@microsoft.com> 2.4.43-1
+-   Updated to 2.4.43 to resolve the following CVEs
+-   CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097
+-   CVE-2019-10098, CVE-2020-1927, CVE-2020-1934
+*   Sat May 09 2020 Nick Samson <nisamson@microsoft.com> 2.4.39-4
+-   Added %%license line automatically
 *   Tue Apr 07 2020 Pawel Winogrodzki <pawelwi@microsoft.com> 2.4.39-3
 -   Updated and verified 'Source0', 'Patch0' and 'URL' tags.
 -   License verified.
diff --git a/cgmanifest.json b/cgmanifest.json
index bfcf937566a..462543a8a2c 100644
--- a/cgmanifest.json
+++ b/cgmanifest.json
@@ -1466,8 +1466,8 @@
         "type": "other",
         "other": {
           "name": "httpd",
-          "version": "2.4.43",
-          "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.43.tar.bz2"
+          "version": "2.4.46",
+          "downloadUrl": "https://archive.apache.org/dist/httpd/httpd-2.4.46.tar.bz2"
         }
       }
     },