diff --git a/REQUIREMENTS b/REQUIREMENTS index 51d2363ed..a40a24a7b 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -1,6 +1,6 @@ pkg:deb/ubuntu/apache2-utils@2.4.52*?arch=amd64&distro=jammy -pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.16?arch=amd64&distro=jammy -pkg:deb/ubuntu/dnsutils@1:9.18.24-0ubuntu0.22.04.1?arch=amd64&distro=jammy +pkg:deb/ubuntu/curl@7.81.0-1ubuntu1.17?arch=amd64&distro=jammy +pkg:deb/ubuntu/dnsutils@1:9.18*-0ubuntu0.22.04.1?arch=amd64&distro=jammy pkg:deb/ubuntu/pwgen@2.08-2build1?arch=amd64&distro=jammy pkg:deb/ubuntu/s3cmd@2.2.0-1?arch=amd64&distro=jammy pkg:generic/kubectl@v1.29.7 diff --git a/changelog/0.40.md b/changelog/0.40.md new file mode 100644 index 000000000..d8ee0abf3 --- /dev/null +++ b/changelog/0.40.md 
@@ -0,0 +1,82 @@ +# v0.40.0 + +Released 2024-08-05 + +> [!IMPORTANT] +> **Platform Administrator Notice(s)** +> +> - New environment variable `CK8S_K8S_INSTALLER` is required for running `ck8s init`. There is a new command for listing supported installers with `ck8s k8s-installers`. It is assumed that nftables are used instead of iptables (Ubuntu 22.04 or newer) when `CK8S_K8S_INSTALLER` is set to `capi` (cluster-api). +> - New generic openstack `CK8S_PROVIDER` for situations when apps is deployed on a openstack cloud but not safespring, elastx or citycloud. +> - This update to the autoscaling monitoring breaks support for the autoscaler deployment that was part of the openstack cluster chart. But it instead works with the independent upstream autoscaler chart. + +> [!NOTE] +> **Application Developer Notice(s)** +> +> - The alert for kured in wc will be removed since this didn't work as expected. + +## Changes by kind + +### Feature(s) + +- [#1980](https://github.com/elastisys/compliantkubernetes-apps/pull/1980) - Add conditional set-me in config [@Ajarmar](https://github.com/Ajarmar) + +### Improvement(s) + +- [#2153](https://github.com/elastisys/compliantkubernetes-apps/pull/2153) - Improve diagnostics script [@vomba](https://github.com/vomba) +- [#2155](https://github.com/elastisys/compliantkubernetes-apps/pull/2155) - Migrate Fluentd networkpolices to generator [@robinAwallace](https://github.com/robinAwallace) +- [#2160](https://github.com/elastisys/compliantkubernetes-apps/pull/2160) - Upgrade Kured to v1.15.1 [@lunkan93](https://github.com/lunkan93) +- [#2174](https://github.com/elastisys/compliantkubernetes-apps/pull/2174) - psps: allow matchexpressions in gatekeeper mutation for runasuser [@Pavan-Gunda](https://github.com/Pavan-Gunda) +- [#2178](https://github.com/elastisys/compliantkubernetes-apps/pull/2178) - Enable OAuth PKCE in Grafana [@Zash](https://github.com/Zash) +- [#2185](https://github.com/elastisys/compliantkubernetes-apps/pull/2185) - Bump 
dnsutils 1:9.18.24-0ubuntu0.22.04.1 [@simonklb](https://github.com/simonklb) +- [#2188](https://github.com/elastisys/compliantkubernetes-apps/pull/2188) - increase rclone default job deadline and make it configurable [@Eliastisys](https://github.com/Eliastisys) +- [#2190](https://github.com/elastisys/compliantkubernetes-apps/pull/2190) - Add new K8s installer variable and config [@anders-elastisys](https://github.com/anders-elastisys) [@robinAwallace](https://github.com/robinAwallace) +- [#2194](https://github.com/elastisys/compliantkubernetes-apps/pull/2194) - apps sc: increase default grafana timeout [@davidumea](https://github.com/davidumea) +- [#2195](https://github.com/elastisys/compliantkubernetes-apps/pull/2195) - bin: allow password-less sudo for install-requirements script [@AlbinB97](https://github.com/AlbinB97) +- [#2201](https://github.com/elastisys/compliantkubernetes-apps/pull/2201) - apps sc: Added node filter to more graphs in kubernetes status dashboard [@Xartos](https://github.com/Xartos) +- [#2205](https://github.com/elastisys/compliantkubernetes-apps/pull/2205) - tests: Improved tests [@Xartos](https://github.com/Xartos) +- [#2212](https://github.com/elastisys/compliantkubernetes-apps/pull/2212) - config: change rclone activedeadlineseconds to 14400 [@Pavan-Gunda](https://github.com/Pavan-Gunda) +- [#2216](https://github.com/elastisys/compliantkubernetes-apps/pull/2216) - Upgrade opensearch and opensearch dashboards to app version v2.15.0 [@viktor-f](https://github.com/viktor-f) +- [#2220](https://github.com/elastisys/compliantkubernetes-apps/pull/2220) - apps sc: dex upgraded to app version 2.40.0 and chart version 0.18.0 [@viktor-f](https://github.com/viktor-f) +- [#2221](https://github.com/elastisys/compliantkubernetes-apps/pull/2221) - apps: upgrade metrics server to app v0.7.1 and chart v3.12.1 [@viktor-f](https://github.com/viktor-f) +- [#2224](https://github.com/elastisys/compliantkubernetes-apps/pull/2224) - Upgrade 
prometheus-elasticsearch-exporter [@lunkan93](https://github.com/lunkan93) +- [#2225](https://github.com/elastisys/compliantkubernetes-apps/pull/2225) - apps sc: change autoscaling monitoring to work with new autoscaler chart [@viktor-f](https://github.com/viktor-f) +- [#2228](https://github.com/elastisys/compliantkubernetes-apps/pull/2228) - apps sc: Added back the skip of the consent screen for dex [@Xartos](https://github.com/Xartos) +- [#2229](https://github.com/elastisys/compliantkubernetes-apps/pull/2229) - apps-sc: upgraded harbor to v2.11.0 [@Pavan-Gunda](https://github.com/Pavan-Gunda) + +### Other(s) + +- [#2231](https://github.com/elastisys/compliantkubernetes-apps/pull/2231) - bin: bugfix for curl installation in requirements [@AlbinB97](https://github.com/AlbinB97) +- [#2231](https://github.com/elastisys/compliantkubernetes-apps/pull/2231) - bin: fix for dnsutils requirements script [@AlbinB97](https://github.com/AlbinB97) +- [#2231](https://github.com/elastisys/compliantkubernetes-apps/pull/2231) - apps sc: fixed a bug with harbor failing backups [@AlbinB97](https://github.com/AlbinB97) +- [#2231](https://github.com/elastisys/compliantkubernetes-apps/pull/2231) - apps sc: fix for harbor-backup job to correctly error when job is not completing [@AlbinB97](https://github.com/AlbinB97) +- [#2231](https://github.com/elastisys/compliantkubernetes-apps/pull/2231) - config: increased memory limit of sync resources [@AlbinB97](https://github.com/AlbinB97) +- [#2231](https://github.com/elastisys/compliantkubernetes-apps/pull/2231) - config: Add tolerations for trivy node-collector [@lucianvlad](https://github.com/lucianvlad) +- [#2150](https://github.com/elastisys/compliantkubernetes-apps/pull/2150) - bug: Allow changes to pods that are missing network policies when the pods are about to be deleted [@Zash](https://github.com/Zash) +- [#2158](https://github.com/elastisys/compliantkubernetes-apps/pull/2158) - documentation: docs: Add QA checks for Rclone 
[@aarnq](https://github.com/aarnq) +- [#2162](https://github.com/elastisys/compliantkubernetes-apps/pull/2162) - clean-up: Rework provider config templates [@davidumea](https://github.com/davidumea) +- [#2179](https://github.com/elastisys/compliantkubernetes-apps/pull/2179) - other: Add changelog for release v0.38.1 [@Ajarmar](https://github.com/Ajarmar) +- [#2180](https://github.com/elastisys/compliantkubernetes-apps/pull/2180) - documentation: Update process for adding release notes for patches [@Ajarmar](https://github.com/Ajarmar) +- [#2181](https://github.com/elastisys/compliantkubernetes-apps/pull/2181) - bug: Fixed issue with rclone networkpolicies [@Xartos](https://github.com/Xartos) +- [#2182](https://github.com/elastisys/compliantkubernetes-apps/pull/2182) - bug: Fixed bug in Harbor alert as warned by Thanos [@Xartos](https://github.com/Xartos) +- [#2183](https://github.com/elastisys/compliantkubernetes-apps/pull/2183) - other: Add migration script for setting ingress-nginx annotations if they are unset [@Ajarmar](https://github.com/Ajarmar) +- [#2184](https://github.com/elastisys/compliantkubernetes-apps/pull/2184) - bug: bin: bugfix for install-requirements to allow downgrades [@AlbinB97](https://github.com/AlbinB97) +- [#2186](https://github.com/elastisys/compliantkubernetes-apps/pull/2186) - bug: Preserve empty objects on init [@Zash](https://github.com/Zash) +- [#2187](https://github.com/elastisys/compliantkubernetes-apps/pull/2187) - bug: Fix bug preventing configuration of PSA level [@simonklb](https://github.com/simonklb) +- [#2191](https://github.com/elastisys/compliantkubernetes-apps/pull/2191) - bug: apps-wc: Disabled kured alert in WC [@Xartos](https://github.com/Xartos) +- [#2192](https://github.com/elastisys/compliantkubernetes-apps/pull/2192) - other: Port 0.39.0 [@Ajarmar](https://github.com/Ajarmar) [@anders-elastisys](https://github.com/anders-elastisys) [@robinAwallace](https://github.com/robinAwallace) 
[@simonklb](https://github.com/simonklb) [@vomba](https://github.com/vomba) +- [#2196](https://github.com/elastisys/compliantkubernetes-apps/pull/2196) - clean-up: Replace deprecated Angular panels in Daily and Backup Dashboards [@Zash](https://github.com/Zash) +- [#2198](https://github.com/elastisys/compliantkubernetes-apps/pull/2198) - bug: Fix velero psp [@lunkan93](https://github.com/lunkan93) +- [#2199](https://github.com/elastisys/compliantkubernetes-apps/pull/2199) - bug: Fix Opensearch test for empty snapshots [@anders-elastisys](https://github.com/anders-elastisys) +- [#2200](https://github.com/elastisys/compliantkubernetes-apps/pull/2200) - clean-up: Remove some Infra Providers from release template issue [@lucianvlad](https://github.com/lucianvlad) +- [#2202](https://github.com/elastisys/compliantkubernetes-apps/pull/2202) - bug: Update outdated apache-utils version [@viktor-f](https://github.com/viktor-f) +- [#2208](https://github.com/elastisys/compliantkubernetes-apps/pull/2208) - bug: config: use wildcard apache2-utils version [@davidumea](https://github.com/davidumea) +- [#2210](https://github.com/elastisys/compliantkubernetes-apps/pull/2210) - bug: apps sc: Fixed kured alert to not alert for removed nodes [@Xartos](https://github.com/Xartos) +- [#2213](https://github.com/elastisys/compliantkubernetes-apps/pull/2213) - bug: apps sc: Fixed alert for capi if machinedeployment is 0 replicas [@Xartos](https://github.com/Xartos) +- [#2214](https://github.com/elastisys/compliantkubernetes-apps/pull/2214) - bug: Fixed bug with fix for capi alert [@Xartos](https://github.com/Xartos) +- [#2215](https://github.com/elastisys/compliantkubernetes-apps/pull/2215) - bug: Fixed netpol for fluentd-aggregator [@viktor-f](https://github.com/viktor-f) +- [#2217](https://github.com/elastisys/compliantkubernetes-apps/pull/2217) - bug: apps sc: Fixed some panels in the kubernetes cluster status dashboard [@Xartos](https://github.com/Xartos) +- 
[#2218](https://github.com/elastisys/compliantkubernetes-apps/pull/2218) - bug: bin: fix redirecting usage to stderr [@Zash](https://github.com/Zash) +- [#2219](https://github.com/elastisys/compliantkubernetes-apps/pull/2219) - bug: Rclone sync fixes [@Zash](https://github.com/Zash) +- [#2222](https://github.com/elastisys/compliantkubernetes-apps/pull/2222) - documentation: docs: remove oidc-users if restoring harbor to new domain [@viktor-f](https://github.com/viktor-f) +- [#2223](https://github.com/elastisys/compliantkubernetes-apps/pull/2223) - other: bin: Updated kubectl requirement to match kubespray [@Xartos](https://github.com/Xartos) +- [#2227](https://github.com/elastisys/compliantkubernetes-apps/pull/2227) - documentation: docs: add instructions for restoring harbor between swift and s3 [@viktor-f](https://github.com/viktor-f) diff --git a/config/common-config.yaml b/config/common-config.yaml index b91ddf1fb..6be74b991 100644 --- a/config/common-config.yaml +++ b/config/common-config.yaml @@ -919,8 +919,10 @@ trivy: tolerations: [] affinity: {} nodeCollector: - tolerations: [] - + tolerations: + - key: node-role.kubernetes.io/control-plane + operator: Exists + effect: NoSchedule # configurations for an offline / air-gapped environment # ref: https://github.com/aquasecurity/trivy-operator/tree/main/deploy/helm#values scanner: diff --git a/config/sc-config.yaml b/config/sc-config.yaml index 3bb433b4a..bc6828ad3 100644 --- a/config/sc-config.yaml +++ b/config/sc-config.yaml @@ -108,7 +108,7 @@ objectStorage: memory: 100Mi limits: cpu: 300m - memory: 300Mi + memory: 500Mi falco: ## Falco alerting configuration. diff --git a/helmfile.d/charts/grafana-dashboards/files/welcome.md b/helmfile.d/charts/grafana-dashboards/files/welcome.md index 49b5af270..6d9982448 100644 --- a/helmfile.d/charts/grafana-dashboards/files/welcome.md +++ b/helmfile.d/charts/grafana-dashboards/files/welcome.md 
@@ -4,12 +4,13 @@ Here you can find the most relevant features and changes for the last couple of releases of Compliant Kubernetes +- Disabled kured alerts in WC. **[v0.40]** +- Opensearch and Opensearch dashboards was upgraded to v2.15.0. **[v0.40]** +- Harbor was upgraded to v2.11.0. **[v0.40]** +- Dex was upgraded to v2.40.0. **[v0.40]** - Trivy Operator was upgraded to v0.20.1. **[v0.39]** - Velero was upgraded to v1.13.0. **[v0.39]** - Pods can now be granted access to the API of Prometheus from Application Developer namespaces per request. **[v0.39]** -- Thanos was upgraded to v0.34.1. **[v0.38]** -- Gatekeeper was upgraded to v3.15.1. **[v0.38]** -- A new Gatekeeper constraint was added. It will warn if the user tries to deploy a Deployment or StatefulSet with less than 2 replicas. **[v0.38]** ## Public docs diff --git a/helmfile.d/charts/harbor/harbor-backup/scripts/harbor-backup.sh b/helmfile.d/charts/harbor/harbor-backup/scripts/harbor-backup.sh index 5eaba23b5..2d17293ca 100644 --- a/helmfile.d/charts/harbor/harbor-backup/scripts/harbor-backup.sh +++ b/helmfile.d/charts/harbor/harbor-backup/scripts/harbor-backup.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -set -e +set -e -o pipefail : "${PG_HOSTNAME:?Missing PG_HOSTNAME}" backup_dir="${BACKUP_DIR:-/backup}" dump_dir="${backup_dir}/dbdump" diff --git a/helmfile.d/charts/harbor/harbor-backup/templates/harbor-backup-job.yaml b/helmfile.d/charts/harbor/harbor-backup/templates/harbor-backup-job.yaml index e3970f275..506fd467f 100644 --- a/helmfile.d/charts/harbor/harbor-backup/templates/harbor-backup-job.yaml +++ b/helmfile.d/charts/harbor/harbor-backup/templates/harbor-backup-job.yaml @@ -20,7 +20,7 @@ spec: fsGroup: 1000 containers: - name: run - image: ghcr.io/elastisys/backup-postgres:1.4.0 + image: ghcr.io/elastisys/backup-postgres:1.5.0 command: ['/bin/bash', '/scripts/harbor-backup.sh'] env: {{- if .Values.s3.enabled }} 
diff --git a/helmfile.d/charts/opensearch/configurer/files/dashboards-resources/welcome.md b/helmfile.d/charts/opensearch/configurer/files/dashboards-resources/welcome.md index b18e6a678..b886c0617 100644 --- a/helmfile.d/charts/opensearch/configurer/files/dashboards-resources/welcome.md +++ b/helmfile.d/charts/opensearch/configurer/files/dashboards-resources/welcome.md @@ -4,12 +4,13 @@ Here you can find the most relevant features and changes for the last couple of releases of Compliant Kubernetes +- Disabled kured alerts in WC. **[v0.40]** +- Opensearch and Opensearch dashboards was upgraded to v2.15.0. **[v0.40]** +- Harbor was upgraded to v2.11.0. **[v0.40]** +- Dex was upgraded to v2.40.0. **[v0.40]** - Trivy Operator was upgraded to v0.20.1. **[v0.39]** - Velero was upgraded to v1.13.0. **[v0.39]** - Pods can now be granted access to the API of Prometheus from Application Developer namespaces per request. **[v0.39]** -- Thanos was upgraded to v0.34.1. **[v0.38]** -- Gatekeeper was upgraded to v3.15.1. **[v0.38]** -- A new Gatekeeper constraint was added. It will warn if the user tries to deploy a Deployment or StatefulSet with less than 2 replicas. **[v0.38]** ## Public docs diff --git a/images/backup-postgres/Dockerfile b/images/backup-postgres/Dockerfile index 2279aeefa..aef504244 100644 --- a/images/backup-postgres/Dockerfile +++ b/images/backup-postgres/Dockerfile @@ -22,6 +22,7 @@ RUN apt-get update \ && apt-get update \ && curl -sL https://aka.ms/InstallAzureCLIDeb | bash \ && apt-get install --no-install-recommends -y \ + postgresql-client-15 \ postgresql-client-14 \ postgresql-client-13 \ postgresql-client-12 \
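Review bot: The new `pkg:deb/ubuntu/dnsutils@1:9.18*-0ubuntu0.22.04.1?arch=amd64&distro=jammy` line in the REQUIREMENTS hunk wildcards the upstream version but keeps the Ubuntu revision `-0ubuntu0.22.04.1` fixed, so the requirement stops matching as soon as Ubuntu publishes a jammy build with a different revision suffix, which is exactly the case a wildcard was meant to absorb. Either wildcard the whole version the way `apache2-utils@2.4.52*` already does, or document in the file what the install-requirements script does when a pattern does not match, since loosening a pin trades reproducibility for install robustness and the reader should see which one this line chooses. The `curl@7.81.0-1ubuntu1.17` bump is a plain pin update and looks fine.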
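Review bot: The changelog hunk lists #2185 as "Bump dnsutils 1:9.18.24-0ubuntu0.22.04.1", but the REQUIREMENTS hunk in this same patch replaces that exact pin with the wildcard `1:9.18*-0ubuntu0.22.04.1`, so the release note describes a version the file no longer requires; reword that entry, or the #2231 "fix for dnsutils requirements script" entry, to say the requirement is now a pattern. Two smaller points in the same hunk: #2231 appears six times under Other(s) with six different descriptions, which reads like one backport PR and should either be a single entry or link the individual PRs it carried; and the #2195 entry "allow password-less sudo for install-requirements script" should state whether the script now edits sudoers or merely stops prompting when NOPASSWD is already configured, because that is the detail a platform administrator reading the notice would act on.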
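Review bot: The trivy `nodeCollector.tolerations` default in the common-config.yaml hunk now tolerates `node-role.kubernetes.io/control-plane` with `effect: NoSchedule`, which means node-collector pods are scheduled onto control-plane nodes by default; that is the intent if control-plane nodes should be scanned, but it changes default workload placement on the most sensitive nodes, so a comment above the list should say so rather than leaving the reader to infer it from the changelog line "config: Add tolerations for trivy node-collector". Clusters still carrying the older `node-role.kubernetes.io/master` taint are not covered by this toleration; state whether that is acceptable for the supported installers. The hunk also drops the blank line between `tolerations` and the `# configurations for an offline / air-gapped environment` comment, so that comment now visually attaches to the toleration list instead of to `scanner:`.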
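Review bot: The sc-config.yaml hunk raises the objectStorage sync limit from `memory: 300Mi` to `memory: 500Mi` while the request stays at `memory: 100Mi` (visible in the context lines), so the request-to-limit gap grows to 5x; if the sync genuinely needs more than 300Mi, the request should move up as well, otherwise the scheduler places the pod against 100Mi of guaranteed memory and the extra headroom only exists until the node comes under pressure. A comment with the observed peak usage that motivated 500Mi would spare the next person from guessing.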
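Review bot: In the grafana-dashboards `welcome.md` hunk (and the byte-identical hunk under the opensearch configurer), "Opensearch and Opensearch dashboards was upgraded to v2.15.0" should read "were upgraded", and "Disabled kured alerts in WC" would be clearer phrased as what the reader will notice, for example that kured no longer raises alerts in workload clusters. Since the two files carry identical content and had to be edited in lockstep here, consider generating one from the other or keeping a single source so a future release does not diverge them by accident.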
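Review bot: Adding `-o pipefail` to `set -e` in harbor-backup.sh is the right fix if the script pipes the database dump through a compressor or uploader (not visible in this hunk): without it, a failing `pg_dump` on the left of a pipe was masked by a successful right-hand command, which is how a backup job can "complete" with an empty or truncated archive. Two caveats worth a comment next to the line: a pipeline whose producer is closed early by its consumer now fails too, and `set -e` still does not apply inside `if`, `&&`, `||` or command substitutions, so any guarded pipelines keep their old silent behaviour. A `set -u` would also catch misspelled variables beyond the `PG_HOSTNAME` check already present.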
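Review bot: The harbor-backup-job.yaml hunk moves the job to `ghcr.io/elastisys/backup-postgres:1.5.0` by mutable tag; for a job that reads the registry database and writes backups it is worth pinning by digest (`image: ghcr.io/elastisys/backup-postgres:1.5.0@sha256:<digest of the built image>`) so that the image that was tested is the one that runs and a re-pushed tag cannot change it without showing up in review. The bump presumably picks up the `postgresql-client-15` added to the Dockerfile in this same patch, which matters because `pg_dump` refuses to dump from a server newer than itself; if the Harbor v2.11.0 upgrade in the changelog moves the database to PostgreSQL 15, a note next to the image line would explain why the two changes must ship together.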
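Review bot: The Dockerfile hunk adds `postgresql-client-15` to the apt-get install list, which is what lets the image dump a PostgreSQL 15 server; with several `postgresql-client-NN` packages installed, Debian's pg_wrapper chooses the client version for `pg_dump` (the newest installed one when no cluster is configured), so the 12 to 14 clients remain available only for explicit selection, and a comment saying which server versions the image is expected to back up would make the list self-explanatory. Unrelated to this change but visible in the hunk, `curl -sL https://aka.ms/InstallAzureCLIDeb | bash` executes a remote script at build time with no integrity check; if the Azure CLI is needed, installing it from the pinned apt repository with its signing key gives a reproducible and auditable build.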