diff --git a/Dockerfile b/Dockerfile
index 58289b9292ca526e0f56c3889f5b5edf3e2ac428..f7731df328f3a359e3ae5f35e5b270534e537406 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,7 @@ ARG BASE_REGISTRY=registry1.dso.mil
 ARG BASE_IMAGE=ironbank/redhat/openjdk/openjdk8
 ARG BASE_TAG=1.8.0
 
-FROM tomcat:jdk8-openjdk AS base
+FROM tomcat:8.5.70-jdk8-openjdk AS base
 
 FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG}
 
@@ -35,9 +35,9 @@ WORKDIR /usr/local/tomcat
 
 ENV TOMCAT_NATIVE_LIBDIR=/usr/local/tomcat/native-jni-lib
 ENV LD_LIBRARY_PATH=/usr/local/tomcat/native-jni-lib
-ENV TOMCAT_MAJOR=9
-ENV TOMCAT_VERSION=9.0.52
-ENV TOMCAT_SHA512=35e007e8e30e12889da27f9c71a6f4997b9cb5023b703d99add5de9271828e7d8d4956bf34dd2f48c7c71b4f8480f318c9067a4cd2a6d76eaae466286db4897b
+ENV TOMCAT_MAJOR=8
+ENV TOMCAT_VERSION=8.5.70
+ENV TOMCAT_SHA512=10d306a2ea27e10b914556678763e2b1295ffdaa3da042db586d39b9ab95640bd3e1b81627f96c61f400f2db98a7d4b4bbdf21dc3238c8d0025bf95b08f2f61c
 
 RUN rm -rf /usr/libexec/openssh/ssh-keysign /usr/share/doc/perl-IO-Socket-SSL/certs/* /usr/share/doc/perl-IO-Socket-SSL/example/* /usr/share/doc/perl-Net-SSLeay/examples/*
 
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index ec81decef6fdcafb6d2e8598878f3bfc57840be8..3ba7a02fc31dac180407080ee1058d035e35d969 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -8,7 +8,7 @@ name: "opensource/apache/tomcat8-openjdk8"
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
-- "9.0.52"
+- "8.5.70"
 - "latest"
 
 # Build args passed to Dockerfile ARGs
@@ -27,7 +27,7 @@ labels:
   org.opencontainers.image.url: "http://tomcat.apache.org/"
   ## Name of the distributing entity, organization or individual
   org.opencontainers.image.vendor: "Apache"
-  org.opencontainers.image.version: "9.0.52"
+  org.opencontainers.image.version: "8.5.70"
   ## Keywords to help with search (ex. "cicd,gitops,golang")
   mil.dso.ironbank.image.keywords: "container, Java Servlet, JavaServer, Java Expression Languages, Java WebSocket"
   ## This value can be "opensource" or "commercial"
@@ -37,8 +37,8 @@ labels:
 
 # List of resources to make available to the offline build context
 resources:
-- tag: tomcat:jdk8-openjdk
-  url: docker://docker.io/tomcat@sha256:a2bfdce4bd77d778642a29cbeb630f924b9487ef9ebe3d6b20acef8e842d9e61
+- tag: tomcat:8.5.70-jdk8-openjdk
+  url: docker://docker.io/tomcat@sha256:a1d3e0b2809914d96543c9f2344aff84484f83e0a0004dff2e7e525b6a9602e2
 
 # List of project maintainers
 maintainers: