diff --git a/sources b/sources
index c2a102c..525648d 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-f8a1a0f811f6ffe0a4ccc1132c442d8b  apache-tomcat-8.0.32-src.tar.gz
+be048e9ffa26957892933c9fa6bca0d8  apache-tomcat-8.0.36-src.tar.gz
diff --git a/tomcat-8.0-tomcat-users-webapp.patch b/tomcat-8.0-tomcat-users-webapp.patch
index 9f05e37..860c4cf 100644
--- a/tomcat-8.0-tomcat-users-webapp.patch
+++ b/tomcat-8.0-tomcat-users-webapp.patch
@@ -1,8 +1,8 @@
 --- conf/tomcat-users.xml~	2008-01-28 17:41:06.000000000 -0500
 +++ conf/tomcat-users.xml	2008-03-07 19:40:07.000000000 -0500
 @@ -23,4 +23,14 @@
-   <user username="both" password="tomcat" roles="tomcat,role1"/>
-   <user username="role1" password="tomcat" roles="role1"/>
+   <user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
+   <user username="role1" password="<must-be-changed>" roles="role1"/>
  -->
 +
 +<!-- <role rolename="admin"/> -->
@@ -13,5 +13,5 @@
 +<!-- <role rolename="manager-script"/> -->
 +<!-- <role rolename="manager-jmx"/> -->
 +<!-- <role rolename="manager-status"/> -->
-+<!-- <user name="admin" password="adminadmin" roles="admin,manager,admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status" /> -->
++<!-- <user name="admin" password="<must-be-changed>" roles="admin,manager,admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status" /> -->
  </tomcat-users>
diff --git a/tomcat-8.0.36-CompilerOptionsV9.patch b/tomcat-8.0.36-CompilerOptionsV9.patch
new file mode 100644
index 0000000..0b44236
--- /dev/null
+++ b/tomcat-8.0.36-CompilerOptionsV9.patch
@@ -0,0 +1,24 @@
+--- java/org/apache/jasper/compiler/JDTCompiler.java~	2016-07-01 14:39:19.728255958 -0400
++++ java/org/apache/jasper/compiler/JDTCompiler.java	2016-07-01 14:39:37.191311760 -0400
+@@ -312,9 +312,6 @@
+             } else if(opt.equals("1.8")) {
+                 settings.put(CompilerOptions.OPTION_Source,
+                              CompilerOptions.VERSION_1_8);
+-            } else if(opt.equals("1.9")) {
+-                settings.put(CompilerOptions.OPTION_Source,
+-                             CompilerOptions.VERSION_1_9);
+             } else {
+                 log.warn("Unknown source VM " + opt + " ignored.");
+                 settings.put(CompilerOptions.OPTION_Source,
+@@ -361,11 +358,6 @@
+                              CompilerOptions.VERSION_1_8);
+                 settings.put(CompilerOptions.OPTION_Compliance,
+                         CompilerOptions.VERSION_1_8);
+-            } else if(opt.equals("1.9")) {
+-                settings.put(CompilerOptions.OPTION_TargetPlatform,
+-                             CompilerOptions.VERSION_1_9);
+-                settings.put(CompilerOptions.OPTION_Compliance,
+-                        CompilerOptions.VERSION_1_9);
+             } else {
+                 log.warn("Unknown target VM " + opt + " ignored.");
+                 settings.put(CompilerOptions.OPTION_TargetPlatform,
diff --git a/tomcat.spec b/tomcat.spec
index f429dc3..be5d53b 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -31,7 +31,7 @@
 %global jspspec 2.3
 %global major_version 8
 %global minor_version 0
-%global micro_version 32
+%global micro_version 36
 %global packdname apache-tomcat-%{version}-src
 %global servletspec 3.1
 %global elspec 3.0
@@ -57,7 +57,7 @@
 Name:          tomcat
 Epoch:         1
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       5%{?dist}
+Release:       1%{?dist}
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
 
 Group:         System Environment/Daemons
@@ -86,6 +86,7 @@ Source32:      tomcat-named.service
 
 Patch0:        %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
 Patch1:        %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
+Patch2:        %{name}-8.0.36-CompilerOptionsV9.patch
 
 BuildArch:     noarch
 
@@ -237,6 +238,8 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
 
 %patch0 -p0
 %patch1 -p0
+%patch2 -p0
+
 %{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-impl) webapps/examples/WEB-INF/lib/jstl.jar
 %{__ln_s} $(build-classpath tomcat-taglibs-standard/taglibs-standard-compat) webapps/examples/WEB-INF/lib/standard.jar
 
@@ -679,7 +682,8 @@ fi
 %attr(0644,root,root) %{_unitdir}/%{name}-jsvc.service
 
 %changelog
-* Mon Aug 08 2016 Coty Sutherland <csutherl@redhat.com> - 1:8.0.32-5
+* Mon Aug 08 2016 Coty Sutherland <csutherl@redhat.com> - 1:8.0.36-1
+- Resolves: rhbz#1349463 CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service (updates to 8.0.36)
 - Resolves: rhbz#1364056 The command tomcat-digest doesn't work
 - Resolves: rhbz#1363884 The tomcat-tool-wrapper script is broken