diff --git a/.gitignore b/.gitignore
index 1c02d34..65f18ab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/jss-4.7.3.tar.gz
+SOURCES/jss-4.8.0.tar.gz
diff --git a/.jss.metadata b/.jss.metadata
index f86585b..54dcef4 100644
--- a/.jss.metadata
+++ b/.jss.metadata
@@ -1 +1 @@
-c3c5fdc3003d78b26071d0c215067019ede3ad60 SOURCES/jss-4.7.3.tar.gz
+699bb5ba93dada5e513212dedbf456371448eca8 SOURCES/jss-4.8.0.tar.gz
diff --git a/SOURCES/0001-Only-check-PKCS11Constants-on-beta-builds.patch b/SOURCES/0001-Only-check-PKCS11Constants-on-beta-builds.patch
new file mode 100644
index 0000000..5a99e54
--- /dev/null
+++ b/SOURCES/0001-Only-check-PKCS11Constants-on-beta-builds.patch
@@ -0,0 +1,30 @@
+From eb6086840f5c79ba2ff5b1ccac3fe78ad2482e06 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel@redhat.com>
+Date: Thu, 5 Nov 2020 11:07:13 -0500
+Subject: [PATCH] Only check PKCS11Constants on beta builds
+
+Recent errors with PKCS11Constants have shown that we shouldn't be
+running these tests on release builds for backports: only for
+pre-release content. Only run them when the beta bit is set.
+
+Signed-off-by: Alexander Scheel <ascheel@redhat.com>
+---
+ cmake/JSSTests.cmake | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cmake/JSSTests.cmake b/cmake/JSSTests.cmake
+index a0fe36e2..7384bdc0 100644
+--- a/cmake/JSSTests.cmake
++++ b/cmake/JSSTests.cmake
+@@ -112,7 +112,7 @@ macro(jss_tests)
+         COMMAND "org.mozilla.jss.tests.TestGlobalReference"
+         MODE "NONE"
+     )
+-    if ((${Java_VERSION_MAJOR} EQUAL 1) AND (${Java_VERSION_MINOR} LESS 9))
++    if ((${Java_VERSION_MAJOR} EQUAL 1) AND (${Java_VERSION_MINOR} LESS 9) AND (${JSS_VERSION_BETA} EQUAL 1))
+         jss_test_java(
+             NAME "Test_PKCS11Constants.java_for_Sun_compatibility"
+             COMMAND "org.mozilla.jss.tests.TestPKCS11Constants"
+-- 
+2.25.4
+
diff --git a/SPECS/jss.spec b/SPECS/jss.spec
index 8b3f9c6..41121cf 100644
--- a/SPECS/jss.spec
+++ b/SPECS/jss.spec
@@ -6,8 +6,8 @@ Summary:        Java Security Services (JSS)
 URL:            http://www.dogtagpki.org/wiki/JSS
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 
-Version:        4.7.3
-Release:        1%{?_timestamp}%{?_commit_id}%{?dist}
+Version:        4.8.0
+Release:        2%{?_timestamp}%{?_commit_id}%{?dist}
 #global         _phase -a1
 
 # To generate the source tarball:
@@ -26,6 +26,8 @@ Source:         https://github.com/dogtagpki/%{name}/archive/v%{version}%{?_phas
 #     > jss-VERSION-RELEASE.patch
 # Patch: jss-VERSION-RELEASE.patch
 
+Patch: 0001-Only-check-PKCS11Constants-on-beta-builds.patch
+
 ################################################################################
 # Build Dependencies
 ################################################################################
@@ -50,7 +52,7 @@ BuildRequires:  glassfish-jaxb-api
 %else
 BuildRequires:  slf4j-jdk14
 %endif
-BuildRequires:  apache-commons-lang
+BuildRequires:  apache-commons-lang3
 
 BuildRequires:  junit
 
@@ -64,12 +66,12 @@ Requires:       glassfish-jaxb-api
 %else
 Requires:       slf4j-jdk14
 %endif
-Requires:       apache-commons-lang
+Requires:       apache-commons-lang3
 
 Conflicts:      ldapjdk < 4.20
 Conflicts:      idm-console-framework < 1.2
-Conflicts:      tomcatjss < 7.3.4
-Conflicts:      pki-base < 10.6.5
+Conflicts:      tomcatjss < 7.6.0
+Conflicts:      pki-base < 10.10.0
 
 %description
 Java Security Services (JSS) is a java native interface which provides a bridge
@@ -108,26 +110,13 @@ export CFLAGS
 # Check if we're in FIPS mode
 modutil -dbdir /etc/pki/nssdb -chkfips true | grep -q enabled && export FIPS_ENABLED=1
 
-# RHEL's CMake doesn't support -B flag.
-%if 0%{?rhel}
-%{__mkdir_p} %{_vpath_builddir}
-cd %{_vpath_builddir}
-%endif
-
 # The Makefile is not thread-safe
 %cmake \
     -DJAVA_HOME=%{java_home} \
     -DJAVA_LIB_INSTALL_DIR=%{_jnidir} \
-%if 0%{?rhel}
-    ..
-%else
     -B %{_vpath_builddir}
-%endif
 
-%if 0%{?fedora}
 cd %{_vpath_builddir}
-%endif
-
 %{__make} all
 %{__make} javadoc
 ctest --output-on-failure
@@ -173,6 +162,16 @@ cp -p *.txt $RPM_BUILD_ROOT%{_javadocdir}/%{name}-%{version}
 
 ################################################################################
 %changelog
+* Wed Nov 18 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-2
+- Only check PKCS11Constants on beta builds
+- Bump tomcatjss, pki-core conflicts due to lang3
+
+* Wed Oct 28 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-1
+- Rebase to upstream JSS v4.8.0
+
+* Tue Oct 20 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.8.0-0.1
+- Rebase to upstream JSS v4.8.0-b1
+
 * Fri Sep 11 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 4.7.3-1
 - Rebase to upstream stable release JSS v4.7.3
 - Red Hat Bugzilla #1873235 - Fix SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT in pki ca-user-cert-add