diff --git a/.gitignore b/.gitignore
index 08658d4..a10b81a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@
 /tomcat-9.0.87.redhat-00010-src.zip
 /tomcat-9.0.87.redhat-00011-src.zip
 /tomcat-9.0.87.redhat-00012-src.zip
+/tomcat-9.0.87.redhat-00013-src.zip
diff --git a/sources b/sources
index d2e8073..d789131 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (tomcat-9.0.87.redhat-00012-src.zip) = 09c490294696114a2fd1c0680db96c969a331d070d1855ae4814bea5d57f9e891d6576b4acae56f53864280e53c3e6983c2b1a11861b0b0f52c021048482c696
+SHA512 (tomcat-9.0.87.redhat-00013-src.zip) = 1049d86d4bbdfd251a3f0cc72840cb6535a5637a76becaec8cb9c6532430dabaefd007af285fa1ac8d6a2a70f1d0378f6a1e908f7e7c5aff7c2bbedcd521cc9d
diff --git a/tomcat.spec b/tomcat.spec
index d00b3eb..3aa2ad1 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -32,7 +32,7 @@
 %global major_version 9
 %global minor_version 0
 %global micro_version 87
-%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00012-src
+%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00013-src
 %global servletspec 4.0
 %global elspec 3.0
 %global tcuid 53
@@ -56,7 +56,7 @@
 Name:          tomcat
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       1%{?dist}.6
+Release:       1%{?dist}.7
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
 
 License:       ASL 2.0
@@ -556,6 +556,12 @@ fi
 
 
 %changelog
+* Thu Nov 27 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.7
+- Resolves: RHEL-124507
+  tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
+- Resolves: RHEL-91743
+  tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
+
 * Thu Aug 14 2025 Adam Krajcik <akrajcik@redhat.com> - 1:9.0.87-1.el8_10.6
 - Resolves: RHEL-102193
   tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)