diff --git a/.trivyignore b/.trivyignore
index 5567c04..40c91cd 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -1,3 +1,3 @@
 # Accept the risk
-CVE-2016-1000027
+# CVE-2016-1000027
 
diff --git a/Dockerfile b/Dockerfile
index 9b37892..eb0e559 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:8.10
+FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:9.5
 
 ########################
 ### VERSION SETTINGS ###
@@ -6,11 +6,11 @@ FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:8.10
 #
 ##tomcat \
 ENV TOMCAT_MAJOR=10 \
-    TOMCAT_VERSION=10.1.30 \
+    TOMCAT_VERSION=10.1.39 \
 ##shib-idp \
-    VERSION=5.1.3 \
+    VERSION=5.1.4 \
 ##TIER \
-    TIERVERSION=20240930_rocky8_multiarch \
+    TIERVERSION=20250327_rocky9_multiarch \
 #################### \
 #### OTHER VARS #### \
 #################### \
@@ -51,9 +51,9 @@ RUN ln -sf /usr/share/zoneinfo/UTC /etc/localtime \
     && echo "NETWORKING=yes" > /etc/sysconfig/network
 
 # Install base deps
-RUN rm -fr /var/cache/yum/* && yum clean all && yum -y update && yum -y install --setopt=tsflags=nodocs epel-release && \
-    yum -y install net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim rsyslog cronie krb5-workstation openssl-devel supervisor fontconfig findutils && \
-    yum -y clean all && \
+RUN rm -fr /var/cache/dnf/* && dnf -y clean all && dnf -y update && dnf -y install --setopt=tsflags=nodocs epel-release && \
+    dnf -y --allowerasing install net-tools wget curl tar unzip mlocate logrotate strace telnet man unzip vim rsyslog cronie krb5-workstation openssl-devel supervisor fontconfig findutils && \
+    dnf -y clean all && \
     mkdir -p /opt/tier && \
 # Install Trusted Certificates
     update-ca-trust force-enable
@@ -73,7 +73,7 @@ RUN update-ca-trust extract
 # Install Corretto Java JDK (from Amazon repo, more arch independent)
 RUN rpm --import https://yum.corretto.aws/corretto.key \
     && curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo \
-    && yum install -y java-17-amazon-corretto-devel
+    && dnf install -y java-17-amazon-corretto-devel
 ENV JAVA_HOME=/usr/lib/jvm/java-17-amazon-corretto
 
 # Copy IdP installer properties file(s)
diff --git a/container_files/idp/idp.installer.properties b/container_files/idp/idp.installer.properties
index 7f59908..1a54d58 100644
--- a/container_files/idp/idp.installer.properties
+++ b/container_files/idp/idp.installer.properties
@@ -1,4 +1,4 @@
-idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-5.1.3
+idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-5.1.4
 idp.target.dir=/opt/shibboleth-idp
 idp.host.name=idp.example.org
 idp.sealer.password=changeit
diff --git a/container_files/system/startup.sh b/container_files/system/startup.sh
index 82cc28b..83e8a00 100644
--- a/container_files/system/startup.sh
+++ b/container_files/system/startup.sh
@@ -58,6 +58,8 @@ rm -f ${IDP_LOG_CFG_FILE}.tmp
 sed -i -e 's/rolling.RollingFileAppender/FileAppender/g' ${IDP_LOG_CFG_FILE}
 sed -i -e '/<rollingPolicy/,/<\/rollingPolicy>/d' ${IDP_LOG_CFG_FILE}
 
+# temp for 5.1.4
+sed -i -e 's/<logger name=\"net.shibboleth.idp\" level=\"${idp.loglevel.idp}\"\/>/<logger name=\"net.shibboleth.idp\" level=\"${idp.loglevel.idp}\"\/>\n\n    <!-- temporary for 5.1.4 -->\n    <logger name=\"org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder\" level=\"ERROR\" \/>/g' ${IDP_LOG_CFG_FILE}
 
 #launch supervisord
 exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf