diff --git a/module-start-up-parameters.conf b/module-start-up-parameters.conf
new file mode 100644
index 0000000000000000000000000000000000000000..ba35e23573c5bf975bff45a6871b054c21b4c46c
--- /dev/null
+++ b/module-start-up-parameters.conf
@@ -0,0 +1,7 @@
+# Add the module start-up parameters required by Tomcat
+JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.lang=ALL-UNNAMED"
+JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.io=ALL-UNNAMED"
+JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.util=ALL-UNNAMED"
+JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.util.concurrent=ALL-UNNAMED"
+JAVA_OPTS="$JAVA_OPTS --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED"
+export JAVA_OPTS
diff --git a/tomcat-10.1-catalina-policy.patch b/tomcat-10.1-catalina-policy.patch
new file mode 100644
index 0000000000000000000000000000000000000000..32549683c75c41fa29a00835fa5ade910c427e8e
--- /dev/null
+++ b/tomcat-10.1-catalina-policy.patch
@@ -0,0 +1,16 @@
+--- conf/catalina.policy.orig	2024-05-22 16:12:23.809886452 +0300
++++ conf/catalina.policy	2024-05-22 16:14:38.913939654 +0300
+@@ -55,6 +55,14 @@
+         permission java.security.AllPermission;
+ };
+
++// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
++
++// Allowing everything in /usr/share/java allows too many unknowns to be permitted
++// Specifying the individual jars that tomcat needs to function with the security manager
++// is the safest way forward.
++grant codeBase "file:/usr/share/java/ecj/ecj.jar" {
++	permission java.security.AllPermission;
++};
+
+ // ========== CATALINA CODE PERMISSIONS =======================================
diff --git a/tomcat-10.1-digest.script b/tomcat-10.1-digest.script
new file mode 100644
index 0000000000000000000000000000000000000000..ce4aa0f14788206184d638cabbc867f27f5f4642
--- /dev/null
+++ b/tomcat-10.1-digest.script
@@ -0,0 +1,45 @@
+#!/bin/sh
+#
+# tomcat-digest script
+# JPackage Project <http://www.jpackage.org/>
+
+# Source functions library
+if [ -f /usr/share/java-utils/java-functions ] ; then
+  . /usr/share/java-utils/java-functions
+else
+  echo "Can't find functions library, aborting"
+  exit 1
+fi
+
+# Get the tomcat config (use this for environment specific settings)
+if [ -z "${TOMCAT_CFG}" ]; then
+    TOMCAT_CFG="/etc/tomcat/tomcat.conf"
+fi
+
+if [ -r "$TOMCAT_CFG" ]; then
+    . $TOMCAT_CFG
+fi
+
+set_javacmd
+
+# CLASSPATH munging
+if [ -n "$JSSE_HOME" ]; then
+  CLASSPATH="${CLASSPATH}:$(build-classpath jcert jnet jsse 2>/dev/null)"
+fi
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar"
+export CLASSPATH
+
+# Configuration
+MAIN_CLASS="org.apache.catalina.startup.Tool"
+BASE_FLAGS="-Dcatalina.home=\"$CATALINA_HOME\""
+BASE_OPTIONS=""
+BASE_JARS="commons-daemon tomcat/catalina servlet tomcat/tomcat-util tomcat/tomcat-coyote tomcat/tomcat-api tomcat/tomcat-util-scan"
+
+# Set parameters
+set_classpath $BASE_JARS
+set_flags $BASE_FLAGS
+set_options $BASE_OPTIONS
+
+# Let's start
+run -server org.apache.catalina.realm.RealmBase "$@"
diff --git a/tomcat-10.1-tool-wrapper.script b/tomcat-10.1-tool-wrapper.script
new file mode 100644
index 0000000000000000000000000000000000000000..949d46d012722c804dba474c81d3e8563794fe53
--- /dev/null
+++ b/tomcat-10.1-tool-wrapper.script
@@ -0,0 +1,45 @@
+#!/bin/sh
+#
+# tomcat-digest script
+# JPackage Project <http://www.jpackage.org/>
+
+# Source functions library
+if [ -f /usr/share/java-utils/java-functions ] ; then
+  . /usr/share/java-utils/java-functions
+else
+  echo "Can't find functions library, aborting"
+  exit 1
+fi
+
+# Get the tomcat config (use this for environment specific settings)
+if [ -z "${TOMCAT_CFG}" ]; then
+    TOMCAT_CFG="/etc/tomcat/tomcat.conf"
+fi
+
+if [ -r "$TOMCAT_CFG" ]; then
+    . $TOMCAT_CFG
+fi
+
+set_javacmd
+
+# CLASSPATH munging
+if [ -n "$JSSE_HOME" ]; then
+  CLASSPATH="${CLASSPATH}:$(build-classpath jcert jnet jsse 2>/dev/null)"
+fi
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar"
+export CLASSPATH
+
+# Configuration
+MAIN_CLASS="org.apache.catalina.startup.Tool"
+BASE_OPTIONS=""
+BASE_FLAGS="-Dcatalina.home=\"$CATALINA_HOME\""
+BASE_JARS="commons-daemon tomcat/catalina servlet tomcat/tomcat-util tomcat/tomcat-coyote tomcat/tomcat-api tomcat/tomcat-util-scan"
+
+# Set parameters
+set_classpath $BASE_JARS
+set_flags $BASE_FLAGS
+set_options $BASE_OPTIONS
+
+# Let's start
+run "$@"
diff --git a/tomcat-10.1.conf b/tomcat-10.1.conf
new file mode 100644
index 0000000000000000000000000000000000000000..c83305ad6542134a1a69932f57cc99baab6c784f
--- /dev/null
+++ b/tomcat-10.1.conf
@@ -0,0 +1,42 @@
+# System-wide configuration file for tomcat services
+# This will be loaded by systemd as an environment file,
+# so please keep the syntax. For shell expansion support
+# place your custom files as /etc/tomcat/conf.d/*.conf
+#
+# There are 2 "classes" of startup behavior in this package.
+# The old one, the default service named tomcat.service.
+# The new named instances are called tomcat@instance.service.
+#
+# Use this file to change default values for all services.
+# Change the service specific ones to affect only one service.
+# For tomcat.service it's /etc/sysconfig/tomcat, for
+# tomcat@instance it's /etc/sysconfig/tomcat@instance.
+
+# This variable is used to figure out if config is loaded or not.
+TOMCAT_CFG_LOADED="1"
+
+# In new-style instances, if CATALINA_BASE isn't specified, it will
+# be constructed by joining TOMCATS_BASE and NAME.
+TOMCATS_BASE="/var/lib/tomcats/"
+
+# Where your java installation lives
+JAVA_HOME="/usr/lib/jvm/jre"
+
+# Where your tomcat installation lives
+CATALINA_HOME="@@@TCHOME@@@"
+
+# System-wide tmp
+CATALINA_TMPDIR="/var/cache/tomcat/temp"
+
+# You can change your tomcat locale here
+#LANG="en_US"
+
+# Run tomcat under the Java Security Manager
+SECURITY_MANAGER="false"
+
+# If you wish to further customize your tomcat environment,
+# put your own definitions here
+# (i.e. LD_LIBRARY_PATH for some jdbc drivers)
+
+# You can also pass parameters to Java here by defining JAVA_OPTS variable
+# (e.g. JAVA_OPTS="-Xminf0.1 -Xmaxf0.3")
diff --git a/tomcat-10.1.logrotate b/tomcat-10.1.logrotate
new file mode 100644
index 0000000000000000000000000000000000000000..082092aa4e8a4abd5a20cb49f9bf95169a2d940b
--- /dev/null
+++ b/tomcat-10.1.logrotate
@@ -0,0 +1,11 @@
+# This is an example config only and is disabled by default
+# If you wish to use it, you'll need to update /etc/tomcat/logging.properties
+# to prevent catalina*.log from being rotated by Tomcat
+@@@TCLOG@@@/catalina*.log {
+    copytruncate
+    weekly
+    rotate 52
+    compress
+    missingok
+    create 0644 tomcat tomcat
+}
diff --git a/tomcat-10.1.service b/tomcat-10.1.service
new file mode 100644
index 0000000000000000000000000000000000000000..832e7c6660fd68ad7ed0a7b5dde4579912e6c549
--- /dev/null
+++ b/tomcat-10.1.service
@@ -0,0 +1,20 @@
+# Systemd unit file for default tomcat
+# 
+# To create clones of this service:
+# DO NOTHING, use tomcat@.service instead.
+
+[Unit]
+Description=Apache Tomcat Web Application Container
+After=syslog.target network.target
+
+[Service]
+Type=simple
+EnvironmentFile=/etc/tomcat/tomcat.conf
+Environment="NAME="
+EnvironmentFile=-/etc/sysconfig/tomcat
+ExecStart=/usr/libexec/tomcat/server start
+SuccessExitStatus=143
+User=tomcat
+
+[Install]
+WantedBy=multi-user.target
diff --git a/tomcat-10.1.sysconfig b/tomcat-10.1.sysconfig
new file mode 100644
index 0000000000000000000000000000000000000000..3117bf700c267b4f1a398f6cf7fa41344c3bdc3f
--- /dev/null
+++ b/tomcat-10.1.sysconfig
@@ -0,0 +1,11 @@
+# Service-specific configuration file for tomcat. This will be sourced by
+# systemd for the default service (tomcat.service)
+# If you want to customize named instance, make a similar file
+# and name it tomcat@instancename.
+
+# You will not need to set this, usually. For default service it equals
+# CATALINA_HOME. For named service, it equals ${TOMCATS_BASE}${NAME}
+#CATALINA_BASE="@@@TCHOME@@@"
+
+# Please take a look at /etc/tomcat/tomcat.conf to have an idea what you
+# can override.
diff --git a/tomcat-10.1.wrapper b/tomcat-10.1.wrapper
new file mode 100644
index 0000000000000000000000000000000000000000..c97cb854abb9453f1da0889862028c7da36f3371
--- /dev/null
+++ b/tomcat-10.1.wrapper
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+if [ "$1" = "version" ]; then
+  . /usr/libexec/tomcat/preamble
+  exec ${JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \
+    org.apache.catalina.util.ServerInfo
+fi
+
+SRV="tomcat"
+if [ -n "$2" ]; then
+  SRV="tomcat@$2"
+fi
+
+if [ "$1" = "start" ]; then
+  systemctl start ${SRV}.service
+elif [ "$1" = "stop" ]; then
+  systemctl stop ${SRV}.service
+elif [ "$1" = "version" ]; then
+  ${JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \
+    org.apache.catalina.util.ServerInfo
+else
+  echo "Usage: $0 {start|stop|version} [server-id]"
+  exit 1
+fi
diff --git a/tomcat-functions b/tomcat-functions
index ab08fa22c597f89175a36df9feb90a522d7921e2..118765312065e39b13d911bff5398932d3a73707 100644
--- a/tomcat-functions
+++ b/tomcat-functions
@@ -13,30 +13,9 @@ _save_function() {
     eval "$NEWNAME_FUNC"
 }
 
-run_jsvc(){
-    if [ -x /usr/bin/jsvc ]; then
-        TOMCAT_USER="${TOMCAT_USER:-tomcat}"
-        JSVC="/usr/bin/jsvc"
-
-        JSVC_OPTS="-nodetach -pidfile /var/run/jsvc-tomcat${NAME}.pid -user ${TOMCAT_USER} -outfile ${CATALINA_BASE}/logs/catalina.out -errfile ${CATALINA_BASE}/logs/catalina.out"
-        if [ "$1" = "stop" ]; then
-            JSVC_OPTS="${JSVC_OPTS} -stop"
-    	fi
-
-        exec "${JSVC}" ${JSVC_OPTS} ${FLAGS} -classpath "${CLASSPATH}" ${OPTIONS} "${MAIN_CLASS}" "${@}"
-    else
-       	echo "Can't find /usr/bin/jsvc executable"
-    fi
-
-}
-
 _save_function run run_java
 
 run() {
-   if [ "${USE_JSVC}" = "true" ] ; then
-	run_jsvc $@
-   else
 	run_java $@
-   fi
 }
 
diff --git a/tomcat-server b/tomcat-server
index 17ae3852707ec0777d42152493169e46b448cfeb..25ef221acea703ce759ed37d2ad139325543f651 100644
--- a/tomcat-server
+++ b/tomcat-server
@@ -10,7 +10,8 @@ OPTIONS="-Dcatalina.base=$CATALINA_BASE \
 -Djava.endorsed.dirs=$JAVA_ENDORSED_DIRS \
 -Djava.io.tmpdir=$CATALINA_TMPDIR \
 -Djava.util.logging.config.file=${LOGGING_PROPERTIES} \
--Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"
+-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
+-Dsun.io.useCanonCaches=false"
 
 if [ "$1" = "start" ] ; then
   FLAGS="${FLAGS} $CATALINA_OPTS"
diff --git a/tomcat.spec b/tomcat.spec
index c8e1d05a4c512199fd0e075bfde486f59abf53ec..8599f0350b50f105a82511cbeebf346adc582c92 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -1,9 +1,9 @@
-%define anolis_release 1
+%define anolis_release		1
 
 %global jspspec 2.3
-%global major_version 9
-%global minor_version 0
-%global micro_version 107
+%global major_version 10
+%global minor_version 1
+%global micro_version 36
 %global packdname tomcat-%{version}
 %global servletspec 4.0
 %global elspec 3.0
@@ -33,19 +33,19 @@ Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{js
 
 License:       ASL 2.0
 URL:           http://tomcat.apache.org/
-Source0:       https://github.com/apache/tomcat/archive/refs/tags/%{version}.tar.gz
-Source1:       %{name}-%{major_version}.%{minor_version}.conf
-Source3:       %{name}-%{major_version}.%{minor_version}.sysconfig
-Source4:       %{name}-%{major_version}.%{minor_version}.wrapper
-Source5:       %{name}-%{major_version}.%{minor_version}.logrotate
-Source6:       %{name}-%{major_version}.%{minor_version}-digest.script
-Source7:       %{name}-%{major_version}.%{minor_version}-tool-wrapper.script
-Source11:      %{name}-%{major_version}.%{minor_version}.service
-Source21:      tomcat-functions
-Source30:      tomcat-preamble
-Source31:      tomcat-server
-Source32:      tomcat-named.service
-Source33:      java-9-start-up-parameters.conf
+Source0:	tomcat-10.1.36.redhat-00007-src.zip
+Source1:	tomcat-10.1.conf
+Source2:	tomcat-10.1.sysconfig
+Source3:	tomcat-10.1.wrapper
+Source4:	tomcat-10.1.logrotate
+Source5:	tomcat-10.1-digest.script
+Source6:	tomcat-10.1-tool-wrapper.script
+Source7:	tomcat-10.1.service
+Source8:	tomcat-functions
+Source9:	tomcat-preamble
+Source10:	tomcat-server
+Source11:	tomcat-named.service
+Source12:	module-start-up-parameters.conf
 
 Patch0:        %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
 Patch1:        %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
@@ -53,6 +53,7 @@ Patch2:        %{name}-build.patch
 Patch3:        %{name}-%{major_version}.%{minor_version}-catalina-policy.patch
 Patch4:        rhbz-1857043.patch
 Patch6:        %{name}-%{major_version}.%{minor_version}-bnd-annotation.patch
+Patch7:	tomcat-10.1-catalina-policy.patch
 
 BuildArch:     noarch
 
@@ -64,6 +65,9 @@ BuildRequires: javapackages-local
 BuildRequires: aqute-bnd
 BuildRequires: aqute-bndlib
 BuildRequires: systemd
+BuildRequires: ant >= 1.10.2
+BuildRequires: ecj >= 4.20
+BuildRequires: tomcat-jakartaee-migration
 
 Requires:      java-headless >= 1:1.8.0
 Requires:      javapackages-tools
@@ -520,6 +524,10 @@ fi
 %doc {NOTICE,RELEASE*}
 
 %changelog
+* Fri Sep 19 2025 wenyuzifang <lzx02244079@alibaba-inc.com> - 10.1.36-1
+- Updated to version 10.1.36 to fix xxxxxx
+
+
 * Fri Jul 18 2025 zjl02254423 <zjl02254423@libaba-inc.com> -1:9.0.107-1
 - update to 9.0.107 to fix CVE-2025-52434,CVE-2025-52520,CVE-2025-53506