diff --git a/.gitignore b/.gitignore
index d099beb..83c6b65 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/apache-tomcat-9.0.110-src.tar.gz
+SOURCES/apache-tomcat-9.0.117-src.tar.gz
diff --git a/.tomcat.metadata b/.tomcat.metadata
index 28d53a0..b76d967 100644
--- a/.tomcat.metadata
+++ b/.tomcat.metadata
@@ -1 +1 @@
-8c9f0f1e544993d3ff75fc08017643159ccf05be SOURCES/apache-tomcat-9.0.110-src.tar.gz
+0dd5e6286a035d8d3e0027ad795d284c09ec3968 SOURCES/apache-tomcat-9.0.117-src.tar.gz
diff --git a/SOURCES/rhel-168081.patch b/SOURCES/rhel-168081.patch
deleted file mode 100644
index cc65185..0000000
--- a/SOURCES/rhel-168081.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-diff -up ./java/org/apache/coyote/ajp/Constants.java ./java/org/apache/coyote/ajp/Constants.java
---- ./java/org/apache/coyote/ajp/Constants.java 2025-10-01 04:36:05.000000000 -0400
-+++ ./java/org/apache/coyote/ajp/Constants.java 2026-04-14 15:27:50.820988961 -0400
-@@ -105,7 +105,7 @@
-
- // Translates integer codes to names of HTTP methods
- private static final String[] methodTransArray =
-- { Method.OPTIONS, Method.GET, Method.HEAD, Method.POST, Method.PUT, Method.OPTIONS, Method.TRACE, Method.TRACE, Method.PROPPATCH, Method.MKCOL, Method.COPY,
-+ { Method.OPTIONS, Method.GET, Method.HEAD, Method.POST, Method.PUT, Method.DELETE, Method.TRACE, Method.TRACE, Method.PROPPATCH, Method.MKCOL, Method.COPY,
- Method.MOVE, Method.LOCK, Method.UNLOCK, "ACL", "REPORT", "VERSION-CONTROL", "CHECKIN", "CHECKOUT", "UNCHECKOUT",
- "SEARCH", "MKWORKSPACE", "UPDATE", "LABEL", "MERGE", "BASELINE-CONTROL", "MKACTIVITY" };
-
-diff -up ./test/org/apache/catalina/realm/TestRealmBase.java ./test/org/apache/catalina/realm/TestRealmBase.java
---- ./test/org/apache/catalina/realm/TestRealmBase.java 2025-10-01 04:36:05.000000000 -0400
-+++ ./test/org/apache/catalina/realm/TestRealmBase.java 2026-04-14 15:27:50.821211035 -0400
-@@ -660,7 +660,7 @@
- SecurityConstraint deleteConstraint = new SecurityConstraint();
- deleteConstraint.addAuthRole(ROLE1);
- SecurityCollection deleteCollection = new SecurityCollection();
-- deleteCollection.addMethod(Method.OPTIONS);
-+ deleteCollection.addMethod(Method.DELETE);
- deleteCollection.addPatternDecoded("/*");
- deleteConstraint.addCollection(deleteCollection);
-
-@@ -772,7 +772,7 @@
-
- // Only user1 should be able to perform a DELETE as only that user has
- // role1.
-- request.setMethod(Method.OPTIONS);
-+ request.setMethod(Method.DELETE);
-
- SecurityConstraint[] constraintsDelete =
- mapRealm.findSecurityConstraints(request, context);
-diff -up ./webapps/docs/changelog.xml.orig ./webapps/docs/changelog.xml
---- ./webapps/docs/changelog.xml.orig 2026-04-14 15:48:53.192243701 -0400
-+++ ./webapps/docs/changelog.xml 2026-04-14 15:49:48.893470762 -0400
-@@ -104,6 +104,17 @@
- They eventually become mixed with the numbered issues (i.e., numbered
- issues do not "pop up" wrt. others).
- -->
-+
-+
-+
-+
-+ 69848: Fix copy/paste error that meant DELETE
-+ requests received via the AJP connector were processed as OPTIONS
-+ requests. (markt)
-+
-+
-+
-+
-
-
-
diff --git a/SPECS/tomcat.spec b/SPECS/tomcat.spec
index 6146ece..0252713 100644
--- a/SPECS/tomcat.spec
+++ b/SPECS/tomcat.spec
@@ -31,7 +31,7 @@
%global jspspec 2.3
%global major_version 9
%global minor_version 0
-%global micro_version 110
+%global micro_version 117
%global packdname apache-%{name}-%{major_version}.%{minor_version}.%{micro_version}-src
%global servletspec 4.0
%global elspec 3.0
@@ -56,7 +56,7 @@
Name: tomcat
Epoch: 1
Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 3%{?dist}
+Release: 1%{?dist}
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
License: ASL 2.0
@@ -81,7 +81,6 @@ Patch2: %{name}-build.patch
Patch3: %{name}-%{major_version}.%{minor_version}-catalina-policy.patch
Patch4: rhbz-1857043.patch
Patch6: %{name}-%{major_version}.%{minor_version}-bnd-annotation.patch
-Patch7: rhel-168081.patch
BuildArch: noarch
@@ -198,7 +197,6 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
%patch -P3 -p0
%patch -P4 -p0
%patch -P6 -p0
-%patch -P7 -p1
# Remove webservices naming resources as it's generally unused
%{__rm} -rf java/org/apache/naming/factory/webservices
@@ -563,8 +561,36 @@ fi
%defattr(0644,tomcat,tomcat,0755)
%{appdir}/ROOT
-
%changelog
+* Wed May 26 2026 Pietro Meloni - 1:9.0.117-1
+- Resolves: RHEL-150714 Certificate revocation bypass due to improper OCSP response validation
+- Resolves:
+ Tomcat: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (CVE-2026-34500)
+- Resolves:
+ Tomcat: Cloud membership for clustering component exposed the Kubernetes bearer token (CVE-2026-34487)
+- Resolves:
+ Tomcat: The fix for CVE-2026-29146 allowed the bypass of the EncryptInterceptor (CVE-2026-34486)
+- Resolves:
+ Tomcat: Incomplete escaping of JSON access logs (CVE-2026-34483)
+- Resolves:
+ Tomcat: The fix for CVE-2025-66614 was incomplete (CVE-2026-32990)
+- Resolves:
+ Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default (CVE-2026-29146)
+- Resolves:
+ Tomcat: OCSP checks sometimes soft-fail even when soft-fail is disabled (CVE-2026-29145)
+- Resolves:
+ Tomcat: Configured TLS cipher preference order not preserved (CVE-2026-29129)
+- Resolves:
+ Tomcat: Occasionally open redirect (CVE-2026-25854)
+- Resolves:
+ Tomcat: Request smuggling via invalid chunk extension (CVE-2026-24880)
+- Resolves:
+ Tomcat: Incomplete OCSP verification checks (CVE-2026-24734)
+- Resolves:
+ Tomcat: Security constraint bypass (CVE-2026-24733)
+- Resolves:
+ Tomcat: Client certificate verification bypass due to virtual host mapping (CVE-2025-66614)
+
* Tue Apr 14 2026 Coty Sutherland - 1:9.0.110-3
- Resolves: RHEL-168081 Fix copy/paste error in AJP connector that caused DELETE requests to be processed as OPTIONS requests (BZ#69848)