diff --git a/javasqlite.spec b/javasqlite.spec
index 7e57856..6bc6a84 100644
--- a/javasqlite.spec
+++ b/javasqlite.spec
@@ -1,6 +1,6 @@
 Name:           javasqlite
 Version:        20090409
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        SQLite Java Wrapper/JDBC Driver
 
 Group:          Development/Libraries
@@ -9,11 +9,12 @@ URL:            http://www.ch-werner.de/javasqlite/
 Source0:        http://www.ch-werner.de/javasqlite/%{name}-%{version}.tar.gz
 # jnipath: Fedora specific, no need to send upstream.
 Patch0:         %{name}-20081006-jnipath.patch
-# Sent upstream 20090412
+# Applied upstream in 20090420 release
 Patch1:         %{name}-20090409-check-features.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
-BuildRequires:  sqlite-devel
+# >= 3.4 for zeroblob stuff in %%check's test3
+BuildRequires:  sqlite-devel >= 3.4
 BuildRequires:  java-devel = 1:1.6.0
 BuildRequires:  java-devel = 1.5.0
 BuildRequires:  java-javadoc
@@ -47,8 +48,9 @@ f=ChangeLog ; iconv -f iso-8859-1 -t utf-8 $f > $f.utf8 ; mv $f.utf8 $f
 %build
 
 origpath="$PATH"
+# Note that --enable-load-extension has security concerns, it enables library
+# users to load arbitrary native code to the JVM bypassing its SecurityManager
 common_flags="
-    --enable-load-extension
     --with-jardir=%{_libdir}/%{name}
     --libdir=%{_libdir}/%{name}
 "
@@ -104,6 +106,9 @@ done
 
 
 %changelog
+* Mon Apr 20 2009 Ville Skyttä <ville.skytta at iki.fi> - 20090409-3
+- Disable extension loading due to security concerns.
+
 * Tue Apr 14 2009 Ville Skyttä <ville.skytta at iki.fi> - 20090409-2
 - Don't use parallel make, Java build doesn't appear parallel clean.