diff --git a/.gitignore b/.gitignore
index fd8738a..8bb47bf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -14,3 +14,4 @@ apache-tomcat-*-src/
 /tomcat-9.0.87.redhat-00011-src.zip
 /tomcat-9.0.87.redhat-00012-src.zip
 /tomcat-9.0.87.redhat-00013-src.zip
+/apache-tomcat-9.0.110-src.tar.gz
diff --git a/JmxRemoteLifecycleListener.patch b/JmxRemoteLifecycleListener.patch
deleted file mode 100644
index 3145a54..0000000
--- a/JmxRemoteLifecycleListener.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-diff --git a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
-index f62f8d1..db19960 100644
---- a/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
-+++ b/java/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.java
-@@ -611,34 +611,28 @@ public class JmxRemoteLifecycleListener extends SSLHostConfig implements Lifecyc
-      * Better to use the internal API than re-invent the wheel.
-      */
-     @SuppressWarnings("restriction")
--    private static class JmxRegistry extends sun.rmi.registry.RegistryImpl {
-+    private static class JmxRegistry {
-         private static final long serialVersionUID = -3772054804656428217L;
-         private final String jmxName;
-         private final Remote jmxServer;
-         public JmxRegistry(int port, RMIClientSocketFactory csf,
-                 RMIServerSocketFactory ssf, String jmxName, Remote jmxServer) throws RemoteException {
--            super(port, csf, ssf);
-             this.jmxName = jmxName;
-             this.jmxServer = jmxServer;
-         }
--        @Override
-         public Remote lookup(String name)
-                 throws RemoteException, NotBoundException {
-             return (jmxName.equals(name)) ? jmxServer : null;
-         }
--        @Override
-         public void bind(String name, Remote obj)
-                 throws RemoteException, AlreadyBoundException, AccessException {
-         }
--        @Override
-         public void unbind(String name)
-                 throws RemoteException, NotBoundException, AccessException {
-         }
--        @Override
-         public void rebind(String name, Remote obj)
-                 throws RemoteException, AccessException {
-         }
--        @Override
-         public String[] list() throws RemoteException {
-             return new String[] { jmxName };
-         }
diff --git a/build-with-java-25.patch b/build-with-java-25.patch
new file mode 100644
index 0000000..cb7c5eb
--- /dev/null
+++ b/build-with-java-25.patch
@@ -0,0 +1,76 @@
+--- build.xml.orig	2026-02-12 14:28:31.466893106 -0500
++++ build.xml	2026-02-12 14:28:44.320933346 -0500
+@@ -968,7 +968,7 @@
+     <javac srcdir="java" destdir="${tomcat.classes}"
+            debug="${compile.debug}"
+            deprecation="${compile.deprecation}"
+-           release="${compile.release}"
++           source="8" target="8"
+            encoding="ISO-8859-1"
+            includeAntRuntime="true" >
+       <!-- Uncomment this to show unchecked warnings:
+@@ -1021,7 +1021,7 @@
+     <javac srcdir="java" destdir="${tomcat.classes}"
+            debug="${compile.debug}"
+            deprecation="${compile.deprecation}"
+-           release="${compile.release}"
++           source="8" target="8"
+            encoding="ISO-8859-1"
+            includeAntRuntime="true" >
+       <!-- Uncomment this to show unchecked warnings:
+@@ -1038,7 +1038,7 @@
+     <javac srcdir="java" destdir="${tomcat.classes}"
+            debug="${compile.debug}"
+            deprecation="${compile.deprecation}"
+-           release="${release.java.version}"
++           source="22" target="22"
+            encoding="ISO-8859-1"
+            includeAntRuntime="true"
+            if:set="has-ffm" >
+@@ -1577,7 +1577,7 @@
+     <javac   srcdir="webapps/examples/WEB-INF/classes"
+              destdir="${tomcat.build}/webapps/examples/WEB-INF/classes"
+              debug="${compile.debug}" deprecation="${compile.deprecation}"
+-             release="${compile.release}"
++             source="8" target="8"
+              classpath="${tomcat.classes}"
+              encoding="ISO-8859-1"
+              includeantruntime="false">
+@@ -1806,7 +1806,7 @@
+            destdir="${xreflect.directory}/classes"
+            debug="${compile.debug}"
+            deprecation="${compile.deprecation}"
+-           release="${compile.release}"
++           source="8" target="8"
+            encoding="ISO-8859-1"
+            includeAntRuntime="true" >
+       <compilerarg value="-XDignore.symbol.file"/>
+@@ -1892,7 +1892,7 @@
+     <javac srcdir="test" destdir="${test.classes}"
+            debug="${compile.debug}"
+            deprecation="${compile.deprecation}"
+-           release="${compile.release}"
++           source="8" target="8"
+            encoding="ISO-8859-1"
+            includeantruntime="true">
+       <classpath refid="tomcat.test.classpath" />
+--- modules/jdbc-pool/build.xml.orig	2026-02-12 14:28:31.469893115 -0500
++++ modules/jdbc-pool/build.xml	2026-02-12 14:28:44.327503027 -0500
+@@ -163,7 +163,7 @@
+     <javac srcdir="${basedir}/src/main/java" destdir="${tomcat.classes}"
+            debug="${compile.debug}"
+            deprecation="${compile.deprecation}"
+-           release="${compile.release}"
++           source="8" target="8"
+            encoding="ISO-8859-1"
+            includeantruntime="false">
+       <classpath refid="tomcat.jdbc.classpath"/>
+@@ -201,7 +201,7 @@
+     <javac srcdir="${basedir}/src/test/java" destdir="${tomcat.testclasses}"
+            debug="${compile.debug}"
+            deprecation="${compile.deprecation}"
+-           release="${compile.release}"
++           source="8" target="8"
+            encoding="ISO-8859-1"
+            includeantruntime="false">
+       <classpath refid="tomcat.jdbc.classpath"/>
diff --git a/rhbz-1857043.patch b/rhbz-1857043.patch
index dd74c3b..47d2276 100644
--- a/rhbz-1857043.patch
+++ b/rhbz-1857043.patch
@@ -1,7 +1,6 @@
-diff -up ./build.xml.orig ./build.xml
---- build.xml.orig	2021-07-07 10:53:55.493742841 +0800
-+++ build.xml	2021-07-07 11:09:43.107968515 +0800
-@@ -1020,7 +1020,7 @@
+--- build.xml.orig	2026-02-11 15:17:18.947314996 -0500
++++ build.xml	2026-02-11 15:17:23.675329041 -0500
+@@ -1116,7 +1116,7 @@
        filesDir="${tomcat.classes}"
        filesId="files.annotations-api"
        manifest="${tomcat.manifests}/annotations-api.jar.manifest"
@@ -10,7 +9,7 @@ diff -up ./build.xml.orig ./build.xml
  
      <!-- Servlet Implementation JAR File -->
      <jarIt jarfile="${servlet-api.jar}"
-@@ -1029,41 +1029,41 @@
+@@ -1125,41 +1125,41 @@
        manifest="${tomcat.manifests}/servlet-api.jar.manifest"
        notice="${tomcat.manifests}/servlet-api.jar.notice"
        license="${tomcat.manifests}/servlet-api.jar.license"
@@ -58,7 +57,7 @@ diff -up ./build.xml.orig ./build.xml
  
      <!-- Bootstrap JAR File -->
      <jarIt jarfile="${bootstrap.jar}"
-@@ -1075,61 +1075,61 @@
+@@ -1171,68 +1171,68 @@
      <jarIt jarfile="${tomcat-util.jar}"
        filesDir="${tomcat.classes}"
        filesId="files.tomcat-util"
@@ -90,6 +89,14 @@ diff -up ./build.xml.orig ./build.xml
        filesDir="${tomcat.classes}"
        filesId="files.tomcat-coyote"
 -      addOSGi="true" />
++      addOSGi="false" />
+
+     <!-- OpenSSL FFM - Coyote -->
+     <jarIt jarfile="${tomcat-coyote-ffm.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.tomcat-coyote-ffm"
+       manifest="${tomcat.manifests}/tomcat-coyote-ffm.jar.manifest"
+-      addOSGi="true" />
 +      addOSGi="false" />
  
      <!-- WebSocket implementation JAR File -->
@@ -130,7 +137,7 @@ diff -up ./build.xml.orig ./build.xml
  
      <!-- Catalina Ant Tasks JAR File -->
      <jarIt jarfile="${catalina-ant.jar}"
-@@ -1140,27 +1140,27 @@
+@@ -1243,27 +1243,27 @@
      <jarIt jarfile="${catalina-storeconfig.jar}"
        filesDir="${tomcat.classes}"
        filesId="files.catalina-storeconfig"
@@ -162,7 +169,7 @@ diff -up ./build.xml.orig ./build.xml
  
      <!-- i18n JARs -->
      <jar jarfile="${tomcat.build}/lib/tomcat-i18n-cs.jar"
-@@ -1620,7 +1620,7 @@
+@@ -1716,7 +1716,7 @@
             filesId="files.tomcat-embed-core"
             notice="${tomcat.manifests}/servlet-api.jar.notice"
             license="${tomcat.manifests}/servlet-api.jar.license"
@@ -171,7 +178,7 @@ diff -up ./build.xml.orig ./build.xml
             addGraal="true"
             graalPrefix="org.apache.tomcat.embed/tomcat-embed-core"
             graalFiles="res/graal/tomcat-embed-core/native-image"
-@@ -1628,7 +1628,7 @@
+@@ -1724,7 +1724,7 @@
      <jarIt jarfile="${tomcat-embed-el.jar}"
             filesDir="${tomcat.classes}"
             filesId="files.tomcat-embed-el"
@@ -180,7 +187,7 @@ diff -up ./build.xml.orig ./build.xml
             addGraal="true"
             graalPrefix="org.apache.tomcat.embed/tomcat-embed-el"
             graalFiles="res/graal/tomcat-embed-el/native-image"
-@@ -1637,7 +1637,7 @@
+@@ -1733,7 +1733,7 @@
             filesDir="${tomcat.classes}"
             filesId="files.tomcat-embed-jasper"
             meta-inf="${tomcat.manifests}/jasper.jar"
@@ -189,7 +196,7 @@ diff -up ./build.xml.orig ./build.xml
             addGraal="true"
             graalPrefix="org.apache.tomcat.embed/tomcat-embed-jasper"
             graalFiles="res/graal/tomcat-embed-jasper/native-image"
-@@ -1646,7 +1646,7 @@
+@@ -1742,7 +1742,7 @@
             filesDir="${tomcat.classes}"
             filesId="files.tomcat-embed-websocket"
             meta-inf="${tomcat.manifests}/tomcat-websocket.jar"
diff --git a/sources b/sources
index d789131..38dc472 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (tomcat-9.0.87.redhat-00013-src.zip) = 1049d86d4bbdfd251a3f0cc72840cb6535a5637a76becaec8cb9c6532430dabaefd007af285fa1ac8d6a2a70f1d0378f6a1e908f7e7c5aff7c2bbedcd521cc9d
+SHA512 (apache-tomcat-9.0.110-src.tar.gz) = a8fe2c59a801d6fb16ea74019c6fc58c34543d4d25a16d64e929e67c7736f6e16d08ec2061b37f1783ebfa0b1dacfff991e46ed5d24d89300a140cb94449f570
diff --git a/tomcat.spec b/tomcat.spec
index e22d339..1d61023 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -31,8 +31,8 @@
 %global jspspec 2.3
 %global major_version 9
 %global minor_version 0
-%global micro_version 87
-%global packdname %{name}-%{major_version}.%{minor_version}.%{micro_version}.redhat-00013-src
+%global micro_version 110
+%global packdname apache-%{name}-%{major_version}.%{minor_version}.%{micro_version}-src
 %global servletspec 4.0
 %global elspec 3.0
 %global tcuid 53
@@ -56,12 +56,12 @@
 Name:          tomcat
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       7%{?dist}
+Release:       1%{?dist}
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
 
 License:       ASL 2.0
 URL:           http://tomcat.apache.org/
-Source0:       %{packdname}.zip
+Source0:       %{packdname}.tar.gz
 Source1:       %{name}-%{major_version}.%{minor_version}.conf
 Source3:       %{name}-%{major_version}.%{minor_version}.sysconfig
 Source4:       %{name}-%{major_version}.%{minor_version}.wrapper
@@ -81,7 +81,7 @@ Patch2:        %{name}-build.patch
 Patch3:        %{name}-%{major_version}.%{minor_version}-catalina-policy.patch
 Patch4:        rhbz-1857043.patch
 Patch6:        %{name}-%{major_version}.%{minor_version}-bnd-annotation.patch
-Patch7:        JmxRemoteLifecycleListener.patch
+Patch7:        build-with-java-25.patch
 
 BuildArch:     noarch
 
@@ -92,8 +92,9 @@ BuildRequires: javapackages-local
 BuildRequires: aqute-bnd
 BuildRequires: aqute-bndlib
 BuildRequires: systemd
+BuildRequires: java-25-headless
 
-Requires:      (java-headless >= 1:1.8 or java-1.8.0-headless or java-11-headless or java-17-headless or java-21-headless or java >= 1:1.8)
+Requires:      (java-headless >= 1:1.8 or java-1.8.0-headless or java-11-headless or java-17-headless or java-21-headless or java-25-headless or java >= 1:1.8)
 Requires:      javapackages-tools
 Requires:      %{name}-lib = %{epoch}:%{version}-%{release}
 %if 0%{?fedora} || 0%{?rhel} > 7
@@ -186,7 +187,7 @@ Requires: %{name} = %{epoch}:%{version}-%{release}
 The ROOT web application for Apache Tomcat.
 
 %prep
-%setup -q -n apache-%{packdname}
+%setup -q -n %{packdname}
 # remove pre-built binaries and windows files
 find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "*.gz" -o \
    -name "*.jar" -o -name "*.war" -o -name "*.zip" \) -delete
@@ -197,7 +198,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
 %patch -P3 -p0
 %patch -P4 -p0
 %patch -P6 -p0
-%patch -P7 -p1
+%patch -P7 -p0
 
 # Remove webservices naming resources as it's generally unused
 %{__rm} -rf java/org/apache/naming/factory/webservices
@@ -217,8 +218,12 @@ export OPT_JAR_LIST="xalan-j2-serializer"
 # so just create a dummy file for later removal
 touch HACK
 
+# Adding JAVA_HOME to always compile with java-25 instead of autodetecting
+export JAVA_HOME=%{_jvmdir}/java-25-openjdk
+export PATH=$JAVA_HOME/bin:$PATH
+
 # who needs a build.properties file anyway
-%{ant} -Dbase.path="." \
+ant -Dbase.path="." \
   -Dbuild.compiler="modern" \
   -Dcommons-daemon.jar="HACK" \
   -Dcommons-daemon.native.src.tgz="HACK" \
@@ -237,6 +242,9 @@ touch HACK
 
 # remove some jars that we'll replace with symlinks later
 %{__rm} output/build/lib/ecj.jar
+# Cleanup commons-daemon.jar that somehow appeared since last build, but is unnecessary
+%{__rm} -rf output/build/bin/commons-daemon.jar
+
 # Remove the example webapps per Apache Tomcat Security Considerations
 # see https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html
 %{__rm} -rf output/build/webapps/examples
@@ -557,6 +565,10 @@ fi
 
 
 %changelog
+* Wed Feb 11 2026 Coty Sutherland <csutherl@redhat.com> - 1:9.0.110-1
+- Resolves: RHEL-148687
+  Update to 9.0.110 and compile with Java 25 to enable FFM features for PQC support
+
 * Wed Jan 21 2026 Pietro Meloni <pmeloni@redhat.com> - 1:9.0.87-7
 - Resolves: RHEL-124516
   tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)