diff --git a/.gitignore b/.gitignore
index 22f1060..d099beb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/tomcat-9.0.87.redhat-00013-src.zip
+SOURCES/apache-tomcat-9.0.110-src.tar.gz
diff --git a/.tomcat.metadata b/.tomcat.metadata
index 7961324..28d53a0 100644
--- a/.tomcat.metadata
+++ b/.tomcat.metadata
@@ -1 +1 @@
-15a5e583a5ce045a1d47e660ca391964cd52a51a SOURCES/tomcat-9.0.87.redhat-00013-src.zip
+8c9f0f1e544993d3ff75fc08017643159ccf05be SOURCES/apache-tomcat-9.0.110-src.tar.gz
diff --git a/SOURCES/JmxRemoteLifecycleListener.patch b/SOURCES/JmxRemoteLifecycleListener.patch
deleted file mode 100644
index 3145a54..0000000
--- a/SOURCES/JmxRemoteLifecycleListener.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-diff --git a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
-index f62f8d1..db19960 100644
---- a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
-+++ b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
-@@ -611,34 +611,28 @@ public class JmxRemoteLifecycleListener extends SSLHostConfig implements Lifecyc
- * Better to use the internal API than re-invent the wheel.
- */
- @SuppressWarnings("restriction")
-- private static class JmxRegistry extends sun.rmi.registry.RegistryImpl {
-+ private static class JmxRegistry {
- private static final long serialVersionUID = -3772054804656428217L;
- private final String jmxName;
- private final Remote jmxServer;
- public JmxRegistry(int port, RMIClientSocketFactory csf,
- RMIServerSocketFactory ssf, String jmxName, Remote jmxServer) throws RemoteException {
-- super(port, csf, ssf);
- this.jmxName = jmxName;
- this.jmxServer = jmxServer;
- }
-- @Override
- public Remote lookup(String name)
- throws RemoteException, NotBoundException {
- return (jmxName.equals(name)) ? jmxServer : null;
- }
-- @Override
- public void bind(String name, Remote obj)
- throws RemoteException, AlreadyBoundException, AccessException {
- }
-- @Override
- public void unbind(String name)
- throws RemoteException, NotBoundException, AccessException {
- }
-- @Override
- public void rebind(String name, Remote obj)
- throws RemoteException, AccessException {
- }
-- @Override
- public String[] list() throws RemoteException {
- return new String[] { jmxName };
- }
diff --git a/SOURCES/rhbz-1857043.patch b/SOURCES/rhbz-1857043.patch
index dd74c3b..47d2276 100644
--- a/SOURCES/rhbz-1857043.patch
+++ b/SOURCES/rhbz-1857043.patch
@@ -1,7 +1,6 @@ -diff -up ./build.xml.orig ./build.xml ---- build.xml.orig 2021-07-07 10:53:55.493742841 +0800 -+++ build.xml 2021-07-07 11:09:43.107968515 +0800 -@@ -1020,7 +1020,7 @@ +--- build.xml.orig 2026-02-11 15:17:18.947314996 -0500 ++++ build.xml 2026-02-11 15:17:23.675329041 -0500 +@@ -1116,7 +1116,7 @@ filesDir="${tomcat.classes}" filesId="files.annotations-api" manifest="${tomcat.manifests}/annotations-api.jar.manifest" @@ -10,7 +9,7 @@ diff -up ./build.xml.orig ./build.xml ++ addOSGi="false" /> + + + + addOSGi="false" /> @@ -130,7 +137,7 @@ diff -up ./build.xml.orig ./build.xml ++
++ ++ ++ ++ 69848: Fix copy/paste error that meant DELETE ++ requests received via the AJP connector were processed as OPTIONS ++ requests. (markt) ++ ++ ++ ++
+
+ +
diff --git a/SPECS/tomcat.spec b/SPECS/tomcat.spec
index ceb2d9a..6146ece 100644
--- a/SPECS/tomcat.spec
+++ b/SPECS/tomcat.spec
@@ -31,8 +31,8 @@
 %global jspspec 2.3
 %global major_version 9
 %global minor_version 0
-%global micro_version 87
-%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00013-src
+%global micro_version 110
+%global packdname apache-%{name}-%{major_version}.%{minor_version}.%{micro_version}-src
 %global servletspec 4.0
 %global elspec 3.0
 %global tcuid 53
@@ -56,12 +56,12 @@
 Name: tomcat
 Epoch: 1
 Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 6%{?dist}.1
+Release: 3%{?dist}
 Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
 License: ASL 2.0
 URL: http://tomcat.apache.org/
-Source0: %{packdname}.zip
+Source0: %{packdname}.tar.gz
 Source1: %{name}-%{major_version}.%{minor_version}.conf
 Source3: %{name}-%{major_version}.%{minor_version}.sysconfig
 Source4: %{name}-%{major_version}.%{minor_version}.wrapper
@@ -81,7 +81,7 @@ Patch2: %{name}-build.patch
 Patch3: %{name}-%{major_version}.%{minor_version}-catalina-policy.patch
 Patch4: rhbz-1857043.patch
 Patch6: %{name}-%{major_version}.%{minor_version}-bnd-annotation.patch
-Patch7: JmxRemoteLifecycleListener.patch
+Patch7: rhel-168081.patch
 BuildArch: noarch
@@ -92,8 +92,9 @@ BuildRequires: javapackages-local
 BuildRequires: aqute-bnd
 BuildRequires: aqute-bndlib
 BuildRequires: systemd
+BuildRequires: java-25-devel
-Requires: (java-headless >= 1:1.8 or java-1.8.0-headless or java-11-headless or java-17-headless or java-21-headless or java >= 1:1.8)
+Requires: (java-headless >= 1:1.8 or java-1.8.0-headless or java-11-headless or java-17-headless or java-21-headless or java-25-headless or java >= 1:1.8)
 Requires: javapackages-tools
 Requires: %{name}-lib = %{epoch}:%{version}-%{release}
 %if 0%{?fedora} || 0%{?rhel} > 7
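Review bot: The widened `Requires:` line in the `@@ -92,8 +92,9 @@` hunk can still be satisfied by Java 8, 11, 17 or 21 alone, while the changelog gives FFM-based PQC support as the reason for building with JDK 25. The Foreign Function & Memory API is only final from Java 22, so on the older runtimes Tomcat would presumably start without those features, and nothing in the spec tells the administrator which JVM is needed for them. I would add a comment above the line, e.g. `# FFM/PQC features need a Java 22+ runtime; the older JVMs listed here run Tomcat without them`, and consider a weak dependency such as `Recommends: java-25-headless` if distribution policy allows it.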
@@ -186,7 +187,7 @@ Requires: %{name} = %{epoch}:%{version}-%{release}
 The ROOT web application for Apache Tomcat.
 %prep
-%setup -q -n apache-%{packdname}
+%setup -q -n %{packdname}
 # remove pre-built binaries and windows files
 find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "*.gz" -o \
 -name "*.jar" -o -name "*.war" -o -name "*.zip" \) -delete
@@ -217,8 +218,12 @@ export OPT_JAR_LIST="xalan-j2-serializer"
 # so just create a dummy file for later removal
 touch HACK
+# Adding JAVA_HOME to always compile with java-25 instead of autodetecting
+export JAVA_HOME=%{_jvmdir}/java-25-openjdk
+export PATH=$JAVA_HOME/bin:$PATH
+
 # who needs a build.properties file anyway
-%{ant} -Dbase.path="." \
+ant -Dbase.path="." \
 -Dbuild.compiler="modern" \
 -Dcommons-daemon.jar="HACK" \
 -Dcommons-daemon.native.src.tgz="HACK" \
@@ -237,6 +242,9 @@ touch HACK
 # remove some jars that we'll replace with symlinks later
 %{__rm} output/build/lib/ecj.jar
+# Cleanup commons-daemon.jar that somehow appeared since last build, but is unnecessary
+%{__rm} -rf output/build/bin/commons-daemon.jar
+
 # Remove the example webapps per Apache Tomcat Security Considerations
 # see https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html
 %{__rm} -rf output/build/webapps/examples
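Review bot: In the `@@ -217,8 +218,12 @@` hunk the build is pinned to JDK 25 through a hard-coded `JAVA_HOME`, yet none of the visible `-D` arguments fixes the bytecode level, and the package still declares Java 8 as a supported runtime. Whether the classes stay loadable on Java 8 therefore depends on settings inside build.xml that this hunk does not show, and the RHEL-154364 changelog entry suggests the Java 8 path has already broken once. I would record the constraint next to the export, e.g. `# built with JDK 25 but must still load on Java 8; the target release comes from build.xml`, and add a Java 8 smoke test to the build or gating. Replacing `%{ant}` with bare `ant` also drops whatever options the macro supplied, so a comment saying this is intended would help. The ant invocation continues past the end of the hunk.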
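Review bot: The added `%{__rm} -rf output/build/bin/commons-daemon.jar` in the `@@ -237,6 +242,9 @@` hunk removes a jar whose origin the comment itself leaves open ("somehow appeared"), and `-rf` makes the step succeed silently whether the path is missing or has become a directory. Since `%prep` deletes all pre-built jars and the build passes `-Dcommons-daemon.jar="HACK"`, the file is presumably the placeholder copied by the build, but in a package build that should be confirmed and written down rather than assumed. I would match the neighbouring `%{__rm} output/build/lib/ecj.jar` line and use `%{__rm} output/build/bin/commons-daemon.jar`, with the comment stating where the file comes from once that is known.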
@@ -557,10 +565,20 @@ fi
 %changelog
-* Thu Nov 27 2025 Adam Krajcik - 1:9.0.87-6.el9_7.1
-- Resolves: RHEL-124518
+* Tue Apr 14 2026 Coty Sutherland - 1:9.0.110-3
+- Resolves: RHEL-168081 Fix copy/paste error in AJP connector that caused DELETE requests to be processed as OPTIONS requests (BZ#69848)
+
+* Thu Feb 26 2026 Coty Sutherland - 1:9.0.110-2
+- Resolves: RHEL-154364 Tomcat fails to respond to client connections when using Java 8
+
+* Wed Feb 11 2026 Coty Sutherland - 1:9.0.110-1
+- Resolves: RHEL-148687
+ Update to 9.0.110 and compile with Java 25 to enable FFM features for PQC support
+
+* Wed Jan 21 2026 Pietro Meloni - 1:9.0.87-7
+- Resolves: RHEL-124516
 tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
-- Resolves: RHEL-91753
+- Resolves: RHEL-132561
 tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
 * Thu Aug 14 2025 Adam Krajcik - 1:9.0.87-6