diff --git a/SOURCES/tomcat-7.0.76-CVE-2018-11784.patch b/SOURCES/tomcat-7.0.76-CVE-2018-11784.patch
new file mode 100644
index 0000000..fedf214
--- /dev/null
+++ b/SOURCES/tomcat-7.0.76-CVE-2018-11784.patch
@@ -0,0 +1,34 @@
+diff -up java/org/apache/catalina/servlets/DefaultServlet.java.orig java/org/apache/catalina/servlets/DefaultServlet.java
+--- java/org/apache/catalina/servlets/DefaultServlet.java.orig	2019-02-12 09:16:19.144563964 -0500
++++ java/org/apache/catalina/servlets/DefaultServlet.java	2019-02-12 09:16:52.516485998 -0500
+@@ -1103,6 +1103,10 @@ public class DefaultServlet
+             location.append('?');
+             location.append(request.getQueryString());
+         }
++        // Avoid protocol relative redirects
++        while (location.length() > 1 && location.charAt(1) == '/') {
++            location.deleteCharAt(0);
++        }
+         response.sendRedirect(response.encodeRedirectURL(location.toString()));
+     }
+
+diff -up webapps/docs/changelog.xml.orig webapps/docs/changelog.xml
+--- webapps/docs/changelog.xml.orig	2019-02-12 09:18:01.155325629 -0500
++++ webapps/docs/changelog.xml	2019-02-12 09:18:36.354243382 -0500
+@@ -57,6 +57,16 @@
+   They eventually become mixed with the numbered issues. (I.e., numbered
+   issues do not "pop up" wrt. others).
+ -->
++<section name="Tomcat 7.0.76-9 (csutherl)">
++  <subsection name="Catalina">
++    <changelog>
++      <fix>
++        When generating a redirect to a directory in the Default Servlet, avoid
++        generating a protocol relative redirect. (markt)
++      </fix>
++    </changelog>
++  </subsection>
++</section>
+ <section name="Tomcat 7.0.76-8 (csutherl)">
+   <subsection name="Catalina">
+     <changelog>
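Review bot: The guard added to DefaultServlet, `while (location.length() > 1 && location.charAt(1) == '/')`, inspects only the second character, so it is correct only while `location` always begins with `/`; the code that builds `location` lies above this hunk and is not visible here. Making that assumption explicit is cheap: `while (location.length() > 1 && location.charAt(0) == '/' && location.charAt(1) == '/') {`. The one-line comment would serve the next maintainer better if it said why, for example `// A Location starting with "//" is resolved by clients as scheme-relative (//host/path); collapse leading slashes so the redirect stays on this host`. Since this is the CVE-2018-11784 backport, a regression test that a directory request whose path has repeated leading slashes yields a Location with a single leading slash would stop the fix being lost in a later rebase.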
diff --git a/SPECS/tomcat.spec b/SPECS/tomcat.spec
index f3ac654..2f01f9e 100644
--- a/SPECS/tomcat.spec
+++ b/SPECS/tomcat.spec
@@ -54,7 +54,7 @@
 Name:          tomcat
 Epoch:         0
 Version:       %{major_version}.%{minor_version}.%{micro_version}
-Release:       8%{?dist}
+Release:       9%{?dist}
 Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
 
 Group:         System Environment/Daemons
@@ -94,6 +94,7 @@ Patch6: %{name}-7.0.76-CVE-2017-7674.patch
 Patch7: %{name}-7.0.76-CVE-2017-12617.patch
 Patch8: patch.rhbz1602060
 Patch9: %{name}-7.0.76-CVE-2018-1336.patch
+Patch10: %{name}-7.0.76-CVE-2018-11784.patch
 
 BuildArch:     noarch
 
@@ -248,6 +249,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
 %patch7 -p0
 %patch8 -p0
 %patch9 -p0
+%patch10 -p0
 
 %{__ln_s} $(build-classpath jakarta-taglibs-core) webapps/examples/WEB-INF/lib/jstl.jar
 %{__ln_s} $(build-classpath jakarta-taglibs-standard) webapps/examples/WEB-INF/lib/standard.jar
@@ -692,11 +694,14 @@ fi
 %attr(0644,root,root) %{_unitdir}/%{name}-jsvc.service
 
 %changelog
-* Mon Oct 01 2018 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-8
-- Resolves: rhbz#1608608 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS
+* Tue Feb 12 2019 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-9
+- Resolves: rhbz#1641873 CVE-2018-11784 tomcat: Open redirect in default servlet
 
-* Wed Jul 18 2018 Jean-Frederic Clere <jclere@redhat.com> 0:7.0.76-7
-- Resolves: rhbz#1607893 Deadlock occurs while sending to a closing session.
+* Fri Oct 12 2018 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-8
+- Resolves: rhbz#1608607 CVE-2018-1336 tomcat: A bug in the UTF 8 decoder can lead to DoS
+
+* Tue Jul 24 2018 Jean-Frederic Clere <jclere@redhat.com> 0:7.0.76-7
+- Resolves: rhbz#1602060 Deadlock occurs while sending to a closing session
 
 * Wed Nov 08 2017 Coty Sutherland <csutherl@redhat.com> 0:7.0.76-6
 - Related: rhbz#1505762 Remove erroneous useradd