diff --git a/.gitignore b/.gitignore
index 0236d25..799ca53 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/jss-4.7.0-b4.tar.gz
+SOURCES/jss-4.8.1.tar.gz
diff --git a/.jss.metadata b/.jss.metadata
index e839928..d3c9489 100644
--- a/.jss.metadata
+++ b/.jss.metadata
@@ -1 +1 @@
-efe5f117b59556c41cf7c1eac05da22d8d781312 SOURCES/jss-4.7.0-b4.tar.gz
+5bf724d866e8fd7e577ffdecb06dbb679b113ce3 SOURCES/jss-4.8.1.tar.gz
diff --git a/SPECS/jss.spec b/SPECS/jss.spec
index cf402e2..646b509 100644
--- a/SPECS/jss.spec
+++ b/SPECS/jss.spec
@@ -6,9 +6,9 @@ Summary:        Java Security Services (JSS)
 URL:            http://www.dogtagpki.org/wiki/JSS
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 
-Version:        4.7.0
-Release:        0.4%{?_timestamp}%{?_commit_id}%{?dist}
-%global         _phase -b4
+Version:        4.8.1
+Release:        1%{?_timestamp}%{?_commit_id}%{?dist}
+#global         _phase -a1
 
 # To generate the source tarball:
 # $ git clone https://github.com/dogtagpki/jss.git
@@ -33,7 +33,7 @@ Source:         https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phas
 # autosetup
 BuildRequires:  git
 BuildRequires:  make
-BuildRequires:  cmake
+BuildRequires:  cmake >= 3.14
 BuildRequires:  zip
 BuildRequires:  unzip
 
@@ -50,7 +50,7 @@ BuildRequires:  glassfish-jaxb-api
 %else
 BuildRequires:  slf4j-jdk14
 %endif
-BuildRequires:  apache-commons-lang
+BuildRequires:  apache-commons-lang3
 
 BuildRequires:  junit
 
@@ -64,12 +64,12 @@ Requires:       glassfish-jaxb-api
 %else
 Requires:       slf4j-jdk14
 %endif
-Requires:       apache-commons-lang
+Requires:       apache-commons-lang3
 
 Conflicts:      ldapjdk < 4.20
 Conflicts:      idm-console-framework < 1.2
-Conflicts:      tomcatjss < 7.3.4
-Conflicts:      pki-base < 10.6.5
+Conflicts:      tomcatjss < 7.6.0
+Conflicts:      pki-base < 10.10.0
 
 %description
 Java Security Services (JSS) is a java native interface which provides a bridge
@@ -109,12 +109,12 @@ export CFLAGS
 modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENABLED=1
 
 # The Makefile is not thread-safe
-rm -rf build && mkdir -p build && cd build
 %cmake \
     -DJAVA_HOME=%{java_home} \
     -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
-    ..
+    -B %{_vpath_builddir}
 
+cd %{_vpath_builddir}
 %{__make} all
 %{__make} javadoc
 ctest --output-on-failure
@@ -126,19 +126,19 @@ ctest --output-on-failure
 
 # jars
 install -d -m 0755 $RPM_BUILD_ROOT%{_jnidir}
-install -m 644 build/jss4.jar ${RPM_BUILD_ROOT}%{_jnidir}/jss4.jar
+install -m 644 %{_vpath_builddir}/jss4.jar ${RPM_BUILD_ROOT}%{_jnidir}/jss4.jar
 
 # We have to use the name libjss4.so because this is dynamically
 # loaded by the jar file.
 install -d -m 0755 $RPM_BUILD_ROOT%{_libdir}/jss
-install -m 0755 build/libjss4.so ${RPM_BUILD_ROOT}%{_libdir}/jss/
+install -m 0755 %{_vpath_builddir}/libjss4.so ${RPM_BUILD_ROOT}%{_libdir}/jss/
 pushd  ${RPM_BUILD_ROOT}%{_libdir}/jss
     ln -fs %{_jnidir}/jss4.jar jss4.jar
 popd
 
 # javadoc
 install -d -m 0755 $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
-cp -rp build/docs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
+cp -rp %{_vpath_builddir}/docs/* $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
 cp -p jss.html $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
 cp -p *.txt $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
 
@@ -160,6 +160,36 @@ cp -p *.txt $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
 
 ################################################################################
 %changelog
+* Thu Jan 14 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.1-1
+- Rebase to upstream JSS v4.8.1
+- Red Hat Bugilla #1908541 - jss broke SCEP - missing PasswordChallenge class
+- Red Hat Bugilla #1489256 - [RFE] jss should support RSA with OAEP padding
+
+* Wed Nov 18 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-2
+- Only check PKCS11Constants on beta builds
+- Bump tomcatjss, pki-core conflicts due to lang3
+
+* Wed Oct 28 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-1
+- Rebase to upstream JSS v4.8.0
+
+* Tue Oct 20 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-0.1
+- Rebase to upstream JSS v4.8.0-b1
+
+* Fri Sep 11 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.3-1
+- Rebase to upstream stable release JSS v4.7.3
+- Red Hat Bugzilla #1873235 - Fix SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT in pki ca-user-cert-add
+
+* Thu Aug 06 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.2-1
+- Rebase to upstream stable release JSS v4.7.2
+- Red Hat Bugzilla #1822246 - Fix SSLSocket NULL pointer deference after close
+
+* Fri Jul 31 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.1-1
+- Rebase to upstream stable release JSS v4.7.1
+
+* Thu Jul 09 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-1
+- Rebase to upstream stable release JSS v4.7.0
+- Fixed TestSSLEngine
+
 * Thu Jun 25 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.0-0.4
 - Rebased to JSS 4.7.0-b4