diff --git a/sources b/sources
index 674672b8088c362fbd61dba9a0f36f307e891b4c..111567c957f34937c284f9154f74d65ddd97fbac 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (apache-tomcat-9.0.111-src.tar.gz) = aa27b0e104cecb2d75853fc46ddae2bccda12ebb1c0e86e51731f7183028e17970dbacfd9d0f5534b32ea4c1d1f68bb0dac510aa71944ea686a545cf8e5adb40
+SHA512 (apache-tomcat-9.0.117-src.tar.gz) = f40854a6ed1f208ccdd3da82527fc806eb9231aebaee86d6987e9699d1d31bb548765241424368708b89bdce01d4558a638532a35932f686d3edabd26951041d
diff --git a/tomcat.spec b/tomcat.spec
index f0e3c75ddcd4d4a824530b71e761921ef59e53d1..26d188884df7b5edc87b0ab72419180efb266cc5 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -13,7 +13,7 @@
 
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
 Name:          tomcat
-Version:       9.0.111
+Version:       9.0.117
 Release:       1%{?dist}
 License:       ASL 2.0
 URL:           http://tomcat.apache.org/
@@ -152,7 +152,7 @@ touch HACK
   -Dversion.build="%{micro_version}" \
   deploy
 
-rm output/build/bin/commons-daemon.jar output/build/lib/ecj.jar
+rm output/build/lib/ecj.jar
 rm -rf output/build/webapps/examples
 
 %install
@@ -234,6 +234,7 @@ pushd %{buildroot}%{_javadir}/%{name}
     ln -s ../../java/%{name}-servlet-%{servletspec}-api.jar .
     ln -s ../../java/%{name}-el-%{elspec}-api.jar .
     ln -s $(build-classpath ecj/ecj) jasper-jdt.jar
+    cp -a ../../%{name}/bin/tomcat-juli.jar .
 popd
 
 pushd %{buildroot}%{_datadir}/%{name}
@@ -360,6 +361,7 @@ fi
 %dir %{_datadir}/%{name}
 %{_datadir}/%{name}/bin/bootstrap.jar
 %{_datadir}/%{name}/bin/catalina-tasks.xml
+%{_datadir}/%{name}/bin/commons-daemon.jar
 %{_datadir}/%{name}/lib
 %{_datadir}/%{name}/temp
 %{_datadir}/%{name}/webapps
@@ -414,6 +416,17 @@ fi
 %{_var}/lib/%{name}/webapps/ROOT
 
 %changelog
+* Tue Apr 14 2026 Doris Chao <doriscchao@tencent.com> - 9.0.117-1
+- [Type] security
+- [DESC] Update to version 9.0.117 to fix multiple CVEs:
+- Fixed in 9.0.117: CVE-2026-34500 (Moderate), CVE-2026-34487 (Low),
+- CVE-2026-34486 (Important), CVE-2026-34483 (Low)
+- Fixed in 9.0.116: CVE-2026-32990 (Moderate), CVE-2026-29146 (Important),
+- CVE-2026-29145 (Moderate), CVE-2026-29129 (Low), CVE-2026-25854 (Low),
+- CVE-2026-24880 (Low)
+- Fixed in 9.0.115: CVE-2026-24734 (Moderate)
+- Fixed in 9.0.113: CVE-2026-24733 (Low), CVE-2025-66614 (Moderate)
+
 * Wed Oct 29 2025 Doris Chao <doriscchao@tencent.com> - 9.0.111-1
 - [Type] security
 - [DESC] Update to version 9.0.111 to fix CVE-2025-55752, CVE-2025-55754
@@ -495,3 +508,4 @@ fi
 
 * Mon Apr 24 2023 Miaojun Dong <zoedong@tencent.com> - 9.0.71-1
 - initial build
+