diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3e5b1f1a1e17316db97f455c400e7777672719aa..65b0930f7a1d5b976df0f11395f9d2c5d50f1e3f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
+## [4.0.3](https://gitlab.com/to-be-continuous/node/compare/4.0.2...4.0.3) (2024-11-02)
+
+
+### Bug Fixes
+
+* limit security reports access to developer role or higher ([3d4335f](https://gitlab.com/to-be-continuous/node/commit/3d4335fd9d46070720de57cda656c2570dd9efa2))
+
 ## [4.0.2](https://gitlab.com/to-be-continuous/node/compare/4.0.1...4.0.2) (2024-10-04)
 
 
diff --git a/README.md b/README.md
index bac6d01de77eeb22c404fec907f9cb128040d0c8..a676dae7b46ba1c243e8f68b499c8a2e29b3bc41 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ Add the following to your `.gitlab-ci.yml`:
 ```yaml
 include:
   # 1: include the component
-  - component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.0.2
+  - component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.0.3
     # 2: set/override component inputs
     inputs:
       image: "registry.hub.docker.com/library/node:20" # ⚠ this is only an example
@@ -506,9 +506,9 @@ With:
 ```yaml
 include:
   # main template
-  - component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.0.2
+  - component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node@4.0.3
   # Vault variant
-  - component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node-vault@4.0.2
+  - component: $CI_SERVER_FQDN/to-be-continuous/node/gitlab-ci-node-vault@4.0.3
     inputs:
       # audience claim for JWT
       vault-oidc-aud: "https://vault.acme.host"
diff --git a/templates/gitlab-ci-node-vault.yml b/templates/gitlab-ci-node-vault.yml
index 623ad8442964cd546f9615453961062791e49fad..4e151c89c22c747418baf87ffe73a486f852e1ef 100644
--- a/templates/gitlab-ci-node-vault.yml
+++ b/templates/gitlab-ci-node-vault.yml
@@ -22,7 +22,7 @@ variables:
 .node-base:
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "node", "4.0.2"]
+      command: ["--service", "node", "4.0.3"]
     - name: "$TBC_VAULT_IMAGE"
       alias: "vault-secrets-provider"
   variables:
diff --git a/templates/gitlab-ci-node.yml b/templates/gitlab-ci-node.yml
index 1d2cbb69fe7df956a49d69d0d5c241b53cc4b3c0..92c5e7d4ee6169f46262a323403c7f1cdea9504f 100644
--- a/templates/gitlab-ci-node.yml
+++ b/templates/gitlab-ci-node.yml
@@ -616,7 +616,7 @@ stages:
   image: $NODE_IMAGE
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "node", "4.0.2"]
+      command: ["--service", "node", "4.0.3"]
   variables:
     # Yarn cache (better than --cache-folder option, deprecated)
     YARN_CACHE_FOLDER: "$CI_PROJECT_DIR/$NODE_PROJECT_DIR/.yarn"