diff --git a/CHANGELOG.md b/CHANGELOG.md
index 047c05605..b9f0e80a8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,14 @@
 
 All notable changes to this project will be documented in this file.
 
+## 3.4.2
+
+- [spring-security]
+  - fixes a NPE bug introduced in the `HybridJwtDecoder` when the incoming request does not
+    contain `x-forwarded-client-cert` header
+  - `SecurityContextAutoConfiguration` which synchronises all SecurityContexts is now enabled by default. To disable it
+    set the `sap.spring.security.hybrid.sync_securitycontext` spring property to false
+
 ## 3.4.1
 
 - [spring-security] fixes a NPE bug introduced in the `IasJwtDecoder` when the incoming request does not
diff --git a/README.md b/README.md
index d298ce6db..0ad4cc6a9 100644
--- a/README.md
+++ b/README.md
@@ -126,7 +126,7 @@ The SAP Cloud Security Services Integration is published to maven central: https
         <dependency>
             <groupId>com.sap.cloud.security</groupId>
             <artifactId>java-bom</artifactId>
-            <version>3.4.1</version>
+            <version>3.4.2</version>
             <scope>import</scope>
             <type>pom</type>
         </dependency>
diff --git a/bom/pom.xml b/bom/pom.xml
index d8e1e2f17..2f61b4646 100644
--- a/bom/pom.xml
+++ b/bom/pom.xml
@@ -8,7 +8,7 @@
 
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>java-bom</artifactId>
-    <version>3.4.1</version>
+    <version>3.4.2</version>
     <packaging>pom</packaging>
     <name>java-bom</name>
 
diff --git a/env/pom.xml b/env/pom.xml
index 920e6a7d0..266712435 100644
--- a/env/pom.xml
+++ b/env/pom.xml
@@ -9,7 +9,7 @@
     <parent>
         <groupId>com.sap.cloud.security.xsuaa</groupId>
         <artifactId>parent</artifactId>
-        <version>3.4.1</version>
+        <version>3.4.2</version>
     </parent>
 
     <groupId>com.sap.cloud.security</groupId>
diff --git a/java-api/README.md b/java-api/README.md
index ab076a5c3..aea232e91 100644
--- a/java-api/README.md
+++ b/java-api/README.md
@@ -5,6 +5,6 @@
 <dependency>
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>java-api</artifactId>
-    <version>3.4.1</version>
+    <version>3.4.2</version>
 </dependency>
 ```
diff --git a/java-api/pom.xml b/java-api/pom.xml
index 3f9d0dd08..f3d4f01a6 100644
--- a/java-api/pom.xml
+++ b/java-api/pom.xml
@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.4.1</version>
+		<version>3.4.2</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>
diff --git a/java-security-it/pom.xml b/java-security-it/pom.xml
index 8d3237143..4bcecf07e 100644
--- a/java-security-it/pom.xml
+++ b/java-security-it/pom.xml
@@ -9,7 +9,7 @@
     <parent>
         <artifactId>parent</artifactId>
         <groupId>com.sap.cloud.security.xsuaa</groupId>
-        <version>3.4.1</version>
+        <version>3.4.2</version>
     </parent>
 
     <artifactId>java-security-it</artifactId>
diff --git a/java-security-test/README.md b/java-security-test/README.md
index 4eecba9ac..9572d6173 100644
--- a/java-security-test/README.md
+++ b/java-security-test/README.md
@@ -39,9 +39,9 @@ It is pre-configured with a security filter that only accepts valid tokens. Furt
 ```xml
 <dependency>
     <groupId>com.sap.cloud.security</groupId>
-    <artifactId>java-security-test</artifactId>
-    <version>3.4.1</version>
-    <scope>test</scope>
+   <artifactId>java-security-test</artifactId>
+   <version>3.4.2</version>
+   <scope>test</scope>
 </dependency>
 ```
 
diff --git a/java-security-test/pom.xml b/java-security-test/pom.xml
index 80cd5295d..907c19d8f 100644
--- a/java-security-test/pom.xml
+++ b/java-security-test/pom.xml
@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.4.1</version>
+		<version>3.4.2</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>
diff --git a/java-security/README.md b/java-security/README.md
index 3dfbcc77b..027f614cb 100644
--- a/java-security/README.md
+++ b/java-security/README.md
@@ -67,7 +67,7 @@ To be able to validate tokens it performs the following tasks:
 <dependency>
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>java-security</artifactId>
-    <version>3.4.1</version>
+    <version>3.4.2</version>
 </dependency>
 <dependency>
     <groupId>org.apache.httpcomponents</groupId>
diff --git a/java-security/pom.xml b/java-security/pom.xml
index 65025d403..340aa579e 100644
--- a/java-security/pom.xml
+++ b/java-security/pom.xml
@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.4.1</version>
+		<version>3.4.2</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>
diff --git a/pom.xml b/pom.xml
index 613d25cfc..500707e59 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,7 +7,7 @@
 
 	<groupId>com.sap.cloud.security.xsuaa</groupId>
 	<artifactId>parent</artifactId>
-	<version>3.4.1</version>
+	<version>3.4.2</version>
 	<packaging>pom</packaging>
 
 	<name>parent</name>
diff --git a/samples/java-security-usage-ias/pom.xml b/samples/java-security-usage-ias/pom.xml
index 613a38def..7ff53483c 100755
--- a/samples/java-security-usage-ias/pom.xml
+++ b/samples/java-security-usage-ias/pom.xml
@@ -6,13 +6,13 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.sap.cloud.security.xssec.samples</groupId>
     <artifactId>java-security-usage-ias</artifactId>
-    <version>3.4.1</version>
+    <version>3.4.2</version>
     <packaging>war</packaging>
 
     <properties>
         <maven.compiler.source>17</maven.compiler.source>
         <maven.compiler.target>17</maven.compiler.target>
-        <sap.cloud.security.version>3.4.1</sap.cloud.security.version>
+        <sap.cloud.security.version>3.4.2</sap.cloud.security.version>
         <slf4j.api.version>2.0.5</slf4j.api.version>
         <apache.httpclient.version>4.5.14</apache.httpclient.version>
         <jakarta.servlet.api.version>6.0.0</jakarta.servlet.api.version>
diff --git a/samples/java-security-usage/pom.xml b/samples/java-security-usage/pom.xml
index d50205b28..9fbd88dcf 100755
--- a/samples/java-security-usage/pom.xml
+++ b/samples/java-security-usage/pom.xml
@@ -6,7 +6,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.sap.cloud.security.xssec.samples</groupId>
     <artifactId>java-security-usage</artifactId>
-    <version>3.4.1</version>
+    <version>3.4.2</version>
     <packaging>war</packaging>
 
     <!--profiles>
@@ -27,7 +27,7 @@
     <properties>
         <maven.compiler.source>17</maven.compiler.source>
         <maven.compiler.target>17</maven.compiler.target>
-        <sap.cloud.security.version>3.4.1</sap.cloud.security.version>
+        <sap.cloud.security.version>3.4.2</sap.cloud.security.version>
         <slf4j.api.version>2.0.5</slf4j.api.version>
         <apache.httpclient.version>4.5.14</apache.httpclient.version>
         <jakarta.servlet.api.version>6.0.0</jakarta.servlet.api.version>
diff --git a/samples/java-tokenclient-usage/pom.xml b/samples/java-tokenclient-usage/pom.xml
index f81a1c856..ccf20d4b3 100755
--- a/samples/java-tokenclient-usage/pom.xml
+++ b/samples/java-tokenclient-usage/pom.xml
@@ -6,13 +6,13 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>com.sap.cloud.security.xssec.samples</groupId>
     <artifactId>java-tokenclient-usage</artifactId>
-    <version>3.4.1</version>
+    <version>3.4.2</version>
     <packaging>war</packaging>
 
     <properties>
         <maven.compiler.source>17</maven.compiler.source>
         <maven.compiler.target>17</maven.compiler.target>
-        <sap.cloud.security.version>3.4.1</sap.cloud.security.version>
+        <sap.cloud.security.version>3.4.2</sap.cloud.security.version>
         <apache.httpclient.version>4.5.14</apache.httpclient.version>
         <jakarta.servlet.api.version>6.0.0</jakarta.servlet.api.version>
         <slf4j.api.version>2.0.5</slf4j.api.version>
diff --git a/samples/sap-java-buildpack-api-usage/pom.xml b/samples/sap-java-buildpack-api-usage/pom.xml
index d4aac5f4a..b79afb318 100755
--- a/samples/sap-java-buildpack-api-usage/pom.xml
+++ b/samples/sap-java-buildpack-api-usage/pom.xml
@@ -6,7 +6,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.sap.cloud.security.xssec.samples</groupId>
 	<artifactId>sap-java-buildpack-api-usage</artifactId>
-	<version>3.4.1</version>
+	<version>3.4.2</version>
 	<packaging>war</packaging>
 
 	<properties>
diff --git a/samples/spring-security-basic-auth/pom.xml b/samples/spring-security-basic-auth/pom.xml
index 41536cfcd..63af11e09 100644
--- a/samples/spring-security-basic-auth/pom.xml
+++ b/samples/spring-security-basic-auth/pom.xml
@@ -13,14 +13,14 @@
 	</parent>
 
 	<artifactId>spring-security-basic-auth</artifactId>
-	<version>3.4.1</version>
+	<version>3.4.2</version>
 	<name>spring-security-basic-auth</name>
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 		<java.version>17</java.version>
-		<sap.cloud.security.version>3.4.1</sap.cloud.security.version>
+		<sap.cloud.security.version>3.4.2</sap.cloud.security.version>
 	</properties>
 
 	<dependencyManagement>
@@ -72,7 +72,7 @@
 		<dependency>
 			<groupId>com.sap.cloud.security</groupId>
 			<artifactId>java-security-test</artifactId>
-			<version>3.4.1</version>
+			<version>3.4.2</version>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
diff --git a/samples/spring-security-hybrid-usage/pom.xml b/samples/spring-security-hybrid-usage/pom.xml
index 7fbb08750..e79c016fe 100644
--- a/samples/spring-security-hybrid-usage/pom.xml
+++ b/samples/spring-security-hybrid-usage/pom.xml
@@ -16,7 +16,7 @@
 
 	<groupId>com.sap.cloud.security.samples</groupId>
 	<artifactId>spring-security-hybrid-usage</artifactId>
-	<version>3.4.1</version>
+	<version>3.4.2</version>
 
 	<properties>
 		<!-- 
@@ -28,7 +28,7 @@
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 		<java.version>17</java.version>
-		<sap.cloud.security.version>3.4.1</sap.cloud.security.version>
+		<sap.cloud.security.version>3.4.2</sap.cloud.security.version>
 		<apache.httpclient.version>4.5.14</apache.httpclient.version>
 	</properties>
 
diff --git a/samples/spring-security-xsuaa-usage/pom.xml b/samples/spring-security-xsuaa-usage/pom.xml
index 2a2dd31f2..fab1831ba 100644
--- a/samples/spring-security-xsuaa-usage/pom.xml
+++ b/samples/spring-security-xsuaa-usage/pom.xml
@@ -16,7 +16,7 @@
 
 	<groupId>com.sap.cloud.security.samples</groupId>
 	<artifactId>spring-security-xsuaa-usage</artifactId>
-	<version>3.4.1</version>
+	<version>3.4.2</version>
 	<name>spring-security-xsuaa-usage</name>
 
 	<properties>
@@ -29,7 +29,7 @@
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 		<java.version>17</java.version>
-		<sap.cloud.security.version>3.4.1</sap.cloud.security.version>
+		<sap.cloud.security.version>3.4.2</sap.cloud.security.version>
 		<http.client5>5.2.1</http.client5>
 	</properties>
 
diff --git a/samples/spring-webflux-security-hybrid-usage/pom.xml b/samples/spring-webflux-security-hybrid-usage/pom.xml
index 7211b3740..032b118d9 100644
--- a/samples/spring-webflux-security-hybrid-usage/pom.xml
+++ b/samples/spring-webflux-security-hybrid-usage/pom.xml
@@ -14,12 +14,12 @@
 
     <groupId>com.sap.cloud.security.samples</groupId>
     <artifactId>spring-webflux-security-hybrid-usage</artifactId>
-    <version>3.4.1</version>
+    <version>3.4.2</version>
     <name>spring-webflux-security-hybrid-usage</name>
 
     <properties>
         <java.version>17</java.version>
-        <sap.cloud.security.version>3.4.1</sap.cloud.security.version>
+        <sap.cloud.security.version>3.4.2</sap.cloud.security.version>
     </properties>
 
     <dependencyManagement>
diff --git a/spring-security-compatibility/pom.xml b/spring-security-compatibility/pom.xml
index 0ceb55cbc..9f40253a1 100644
--- a/spring-security-compatibility/pom.xml
+++ b/spring-security-compatibility/pom.xml
@@ -9,7 +9,7 @@
     <parent>
         <groupId>com.sap.cloud.security.xsuaa</groupId>
         <artifactId>parent</artifactId>
-        <version>3.4.1</version>
+        <version>3.4.2</version>
     </parent>
 
     <groupId>com.sap.cloud.security.xsuaa</groupId>
diff --git a/spring-security-starter/pom.xml b/spring-security-starter/pom.xml
index 2ae435b34..a8b2b69a4 100644
--- a/spring-security-starter/pom.xml
+++ b/spring-security-starter/pom.xml
@@ -16,7 +16,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.4.1</version>
+		<version>3.4.2</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>
diff --git a/spring-security/Migration_SpringXsuaaProjects.md b/spring-security/Migration_SpringXsuaaProjects.md
index 05f10f0de..d05a00936 100644
--- a/spring-security/Migration_SpringXsuaaProjects.md
+++ b/spring-security/Migration_SpringXsuaaProjects.md
@@ -157,7 +157,7 @@ It is provided in an extra module. This maven dependency needs to be provided ad
 <dependency>
     <groupId>com.sap.cloud.security.xsuaa</groupId>
     <artifactId>spring-security-compatibility</artifactId>
-    <version>3.4.1</version>
+    <version>3.4.2</version>
 </dependency>
 ```
 
diff --git a/spring-security/README.md b/spring-security/README.md
index 96c4c0f1f..8dcb00c8c 100644
--- a/spring-security/README.md
+++ b/spring-security/README.md
@@ -67,7 +67,7 @@ These (spring) dependencies need to be provided:
 <dependency>
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>resourceserver-security-spring-boot-starter</artifactId>
-    <version>3.4.1</version>
+    <version>3.4.2</version>
 </dependency>
 ```
 
diff --git a/spring-security/pom.xml b/spring-security/pom.xml
index d2774e175..e3fa6914d 100644
--- a/spring-security/pom.xml
+++ b/spring-security/pom.xml
@@ -9,13 +9,13 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.4.1</version>
+		<version>3.4.2</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>
 	<artifactId>spring-security</artifactId>
 	<packaging>jar</packaging>
-	<version>3.4.1</version>
+	<version>3.4.2</version>
 
 	<dependencies>
 <!--		TODO remove once spring-security-oauth2-jose has a newer version with updated nimbus dependency-->
diff --git a/spring-xsuaa-it/pom.xml b/spring-xsuaa-it/pom.xml
index 5f4494c70..2be47ab24 100644
--- a/spring-xsuaa-it/pom.xml
+++ b/spring-xsuaa-it/pom.xml
@@ -14,12 +14,12 @@
 
 	<artifactId>spring-xsuaa-it</artifactId>
 	<name>spring-xsuaa-it</name>
-	<version>3.4.1</version>
+	<version>3.4.2</version>
 
 	<properties>
 		<mockwebserver.version>4.10.0</mockwebserver.version>
 		<java.version>17</java.version>
-		<sap.cloud.security.version>3.4.1</sap.cloud.security.version>
+		<sap.cloud.security.version>3.4.2</sap.cloud.security.version>
 	</properties>
 
 	<dependencyManagement>
diff --git a/spring-xsuaa-starter/pom.xml b/spring-xsuaa-starter/pom.xml
index c25c7566c..a4857c0f0 100644
--- a/spring-xsuaa-starter/pom.xml
+++ b/spring-xsuaa-starter/pom.xml
@@ -16,7 +16,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.4.1</version>
+		<version>3.4.2</version>
 	</parent>
 
 	<artifactId>xsuaa-spring-boot-starter</artifactId>
diff --git a/spring-xsuaa-test/README.md b/spring-xsuaa-test/README.md
index b416dc3ff..f6e387e50 100644
--- a/spring-xsuaa-test/README.md
+++ b/spring-xsuaa-test/README.md
@@ -31,7 +31,7 @@ This includes for example a `JwtGenerator` that generates JSON Web Tokens (JWT)
 <dependency>
     <groupId>com.sap.cloud.security.xsuaa</groupId>
     <artifactId>spring-xsuaa-test</artifactId>
-    <version>3.4.1</version>
+    <version>3.4.2</version>
     <scope>test</scope>
 </dependency>
 
diff --git a/spring-xsuaa-test/pom.xml b/spring-xsuaa-test/pom.xml
index 6aab73d71..948de584a 100644
--- a/spring-xsuaa-test/pom.xml
+++ b/spring-xsuaa-test/pom.xml
@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.4.1</version>
+		<version>3.4.2</version>
 	</parent>
 
 	<artifactId>spring-xsuaa-test</artifactId>
diff --git a/spring-xsuaa/README.md b/spring-xsuaa/README.md
index e907a99cc..afe6f6cce 100644
--- a/spring-xsuaa/README.md
+++ b/spring-xsuaa/README.md
@@ -39,7 +39,7 @@ These (spring) dependencies need to be provided:
 <dependency>
     <groupId>com.sap.cloud.security.xsuaa</groupId>
     <artifactId>spring-xsuaa</artifactId>
-    <version>3.4.1</version>
+    <version>3.4.2</version>
 </dependency>
 <dependency> <!-- new with version 1.5.0 -->
     <groupId>org.apache.logging.log4j</groupId>
@@ -53,7 +53,7 @@ These (spring) dependencies need to be provided:
 <dependency>
     <groupId>com.sap.cloud.security.xsuaa</groupId>
     <artifactId>xsuaa-spring-boot-starter</artifactId>
-    <version>3.4.1</version>
+    <version>3.4.2</version>
 </dependency>
 ```
 
diff --git a/spring-xsuaa/pom.xml b/spring-xsuaa/pom.xml
index a1101a985..f891801ef 100644
--- a/spring-xsuaa/pom.xml
+++ b/spring-xsuaa/pom.xml
@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.4.1</version>
+		<version>3.4.2</version>
 	</parent>
 
 	<artifactId>spring-xsuaa</artifactId>
diff --git a/token-client/README.md b/token-client/README.md
index 54a9ba22c..944471221 100644
--- a/token-client/README.md
+++ b/token-client/README.md
@@ -49,7 +49,7 @@ In context of a Spring Boot application you can leverage autoconfiguration provi
 <dependency>
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>resourceserver-security-spring-boot-starter</artifactId>
-    <version>3.4.1</version>
+    <version>3.4.2</version>
 </dependency>
 ```
 In context of Spring Applications you will need the following dependencies:
@@ -57,7 +57,7 @@ In context of Spring Applications you will need the following dependencies:
 <dependency>
     <groupId>com.sap.cloud.security.xsuaa</groupId>
     <artifactId>token-client</artifactId>
-    <version>3.4.1</version>
+    <version>3.4.2</version>
 </dependency>
 <dependency>
     <groupId>org.apache.httpcomponents</groupId>
@@ -124,7 +124,7 @@ See the [OAuth2ServiceConfiguration](#oauth2serviceconfiguration) section and [H
 <dependency>
     <groupId>com.sap.cloud.security.xsuaa</groupId>
     <artifactId>token-client</artifactId>
-    <version>3.4.1</version>
+    <version>3.4.2</version>
 </dependency>
 <dependency>
     <groupId>org.apache.httpcomponents</groupId>
diff --git a/token-client/pom.xml b/token-client/pom.xml
index b38ebe9a3..71c25acc4 100644
--- a/token-client/pom.xml
+++ b/token-client/pom.xml
@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.4.1</version>
+		<version>3.4.2</version>
 	</parent>
 
 	<artifactId>token-client</artifactId>