diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8c3d009d133ba8b951e57d83f17a0ba1d75084ac..3d7985a9df31434e01c4a44d2ca94c5814b0abdb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
+## [4.2.4](https://gitlab.com/to-be-continuous/sonar/compare/4.2.3...4.2.4) (2024-10-20)
+
+
+### Bug Fixes
+
+* **newer-sonar-image:** permissions for custom certificates ([6bc534d](https://gitlab.com/to-be-continuous/sonar/commit/6bc534d7b4df7bb558dd3ca3e9f922ef5ebf0882))
+
 ## [4.2.3](https://gitlab.com/to-be-continuous/sonar/compare/4.2.2...4.2.3) (2024-05-05)
 
 
diff --git a/README.md b/README.md
index 8382a5cb5ea46d9cc7ed37bb513926739341e610..394b7795f912653b629ee82b7b88589ac4edde0a 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ Add the following to your `.gitlab-ci.yml`:
 ```yaml
 include:
   # 1: include the component
-  - component: $CI_SERVER_FQDN/to-be-continuous/sonar/gitlab-ci-sonar@4.2.3
+  - component: $CI_SERVER_FQDN/to-be-continuous/sonar/gitlab-ci-sonar@4.2.4
     # 2: set/override component inputs
     inputs:
       host-url: https://sonarqube.acme.host # âš  this is only an example
@@ -30,7 +30,7 @@ Add the following to your `.gitlab-ci.yml`:
 include:
   # 1: include the template
   - project: 'to-be-continuous/sonar'
-    ref: '4.2.3'
+    ref: '4.2.4'
     file: '/templates/gitlab-ci-sonar.yml'
 
 variables:
@@ -115,9 +115,9 @@ With:
 ```yaml
 include:
   # main template
-  - component: $CI_SERVER_FQDN/to-be-continuous/sonar/gitlab-ci-sonar@4.2.3
+  - component: $CI_SERVER_FQDN/to-be-continuous/sonar/gitlab-ci-sonar@4.2.4
   # Vault variant
-  - component: $CI_SERVER_FQDN/to-be-continuous/sonar/gitlab-ci-sonar-vault@4.2.3
+  - component: $CI_SERVER_FQDN/to-be-continuous/sonar/gitlab-ci-sonar-vault@4.2.4
     inputs:
        # audience claim for JWT
       vault-oidc-aud: "https://vault.acme.host"
diff --git a/templates/gitlab-ci-sonar-vault.yml b/templates/gitlab-ci-sonar-vault.yml
index 49c9e142b8a5ea4c39eb9197446d5288f812fa3c..3f7754b5eb11e4d1a833aa317dce9c1ae83cd62b 100644
--- a/templates/gitlab-ci-sonar-vault.yml
+++ b/templates/gitlab-ci-sonar-vault.yml
@@ -22,7 +22,7 @@ variables:
 sonar:
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "sonar", "4.2.3"]
+      command: ["--service", "sonar", "4.2.4"]
     - name: "$TBC_VAULT_IMAGE"
       alias: "vault-secrets-provider"
   variables:
diff --git a/templates/gitlab-ci-sonar.yml b/templates/gitlab-ci-sonar.yml
index 656b46c3f626adaf4c83aa1a4a70c71e98330960..8b34b92370fe2504c169d44733c38a9e2230725e 100644
--- a/templates/gitlab-ci-sonar.yml
+++ b/templates/gitlab-ci-sonar.yml
@@ -393,7 +393,7 @@ sonar:
     entrypoint: [""]
   services:
     - name: "$TBC_TRACKING_IMAGE"
-      command: ["--service", "sonar", "4.2.3"]
+      command: ["--service", "sonar", "4.2.4"]
   variables:
     # see: https://docs.sonarqube.org/latest/analysis/gitlab-integration/#header-4
     SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache