diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index ade92c0ae..3b6834616 100644
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -11,7 +11,7 @@ on:
     branches:
       - "master"
   release:
-    types: [released,prereleased]
+    types: [released, prereleased]
 
 env:
   REGISTRY: ghcr.io/${{ github.repository_owner }}
@@ -262,11 +262,11 @@ jobs:
       id-token: write
       contents: read
       packages: read
-    needs: [ test-e2e, build ]
+    needs: [test-e2e, build]
     runs-on: ubuntu-latest
 
     env:
-      TAILSCALE_VERSION: 1.52.1
+      TAILSCALE_VERSION: 1.54.0
       HELMFILE_VERSION: v0.158.1
       HELM_VERSION: v3.13.2
       TAG: ${{ needs.build.outputs.image_version }}
diff --git a/helm/keycloak/Chart.lock b/helm/keycloak/Chart.lock
index ebf14f1fa..58e2ac615 100644
--- a/helm/keycloak/Chart.lock
+++ b/helm/keycloak/Chart.lock
@@ -4,9 +4,9 @@ dependencies:
   version: 2.13.3
 - name: keycloakx
   repository: https://codecentric.github.io/helm-charts
-  version: 2.2.2
+  version: 2.3.0
 - name: keycloak-config-cli
   repository: git+https://github.com/didx-xyz/keycloak-config-cli@contrib/charts?ref=init-containers&sparse=0
   version: 5.8.1-SNAPSHOT
-digest: sha256:5005b9a70b9666d8cafe2e2a5d87eb135ce43c78693f3ebdd04c2a8814e37ecd
-generated: "2023-11-10T16:21:18.435932+02:00"
+digest: sha256:8be440d990f8aea69573e99b268d7b418e7f24e53c815de5d9b50bd67b935a22
+generated: "2023-11-22T15:07:27.595353+02:00"
diff --git a/helm/keycloak/Chart.yaml b/helm/keycloak/Chart.yaml
index 94499200c..d25deb054 100644
--- a/helm/keycloak/Chart.yaml
+++ b/helm/keycloak/Chart.yaml
@@ -2,17 +2,18 @@ apiVersion: v2
 name: keycloak
 description: A Wrapper Helm chart for Keycloakx in Kubernetes
 type: application
-version: 0.3.2
-appVersion: 22.0.1
+version: 0.4.0
+appVersion: 22.0.4
 
 dependencies:
+  # https://github.com/bitnami/charts/tree/main/bitnami/common
   - name: common
     version: 2.13.3
     repository: oci://registry-1.docker.io/bitnamicharts
 
   # https://github.com/codecentric/helm-charts/tree/master/charts/keycloakx
   - name: keycloakx
-    version: 2.2.2
+    version: 2.3.0
     repository: https://codecentric.github.io/helm-charts
     alias: keycloak
     condition: keycloak.enabled
diff --git a/helm/keycloak/values.yaml b/helm/keycloak/values.yaml
index 18da3c2e9..2f18608ff 100644
--- a/helm/keycloak/values.yaml
+++ b/helm/keycloak/values.yaml
@@ -128,7 +128,7 @@ keycloak:
   replicas: 1
 
   image:
-    tag: 22.0.1
+    tag: 22.0.4
 
   command:
     - "/opt/keycloak/bin/kc.sh"
@@ -163,7 +163,7 @@ keycloak:
     runAsNonRoot: true
 
   webhook:
-    version: 0.3.0
+    version: 0.4.0
   themes:
     enabled: false
     ref: develop
@@ -300,7 +300,8 @@ keycloak:
     tags.datadoghq.com/version: '{{ default .Chart.AppVersion .Values.image.tag }}'
     admission.datadoghq.com/enabled: "false" # disabled by default (for now)
   podAnnotations:
-    admission.datadoghq.com/java-lib.version: v1.20.0
+    # https://gcr.io/datadoghq/dd-lib-java-init
+    admission.datadoghq.com/java-lib.version: v1.24.2
     ad.datadoghq.com/keycloak.logs: '[{ "service": "keycloak", "source": "jboss_wildfly"}]'
 
   resources:
@@ -374,7 +375,7 @@ config-cli:
   enabled: false
 
   image:
-    tag: 5.8.0-22.0.0
+    tag: 5.9.0-22.0.4
 
   env:
     KEYCLOAK_AVAILABILITYCHECK_ENABLED: "true"
diff --git a/src/api/docker-compose.yml b/src/api/docker-compose.yml
index f992ba655..55e7efea2 100644
--- a/src/api/docker-compose.yml
+++ b/src/api/docker-compose.yml
@@ -57,9 +57,9 @@ services:
     container_name: keycloak-init
     user: root
     command: |
-      sh -c 'curl -L https://github.com/vymalo/keycloak-webhook/releases/download/v0.3.0/keycloak-webhook-0.3.0-all.jar \
-      -o /opt/keycloak/providers/keycloak-webhook-0.3.0.jar && \
-      chown 1000:1000 /opt/keycloak/providers/keycloak-webhook-0.3.0.jar'
+      sh -c 'curl -L https://github.com/vymalo/keycloak-webhook/releases/download/v0.4.0/keycloak-webhook-0.4.0-all.jar \
+      -o /opt/keycloak/providers/keycloak-webhook-0.4.0.jar && \
+      chown 1000:1000 /opt/keycloak/providers/keycloak-webhook-0.4.0.jar'
     volumes:
       - keycloak:/opt/keycloak/providers
 
@@ -81,8 +81,8 @@ services:
       retries: 3
 
   keycloak: # Local Keycloak server
-    # https://github.com/adorsys/keycloak-config-cli/pull/928
-    image: quay.io/keycloak/keycloak:22.0.1
+    # Pinned to 22.0.4 due to https://github.com/keycloak/keycloak/issues/23943
+    image: quay.io/keycloak/keycloak:22.0.4
     container_name: keycloak
     environment:
       WEBHOOK_EVENTS_TAKEN: "LOGIN,REGISTER,LOGOUT,UPDATE_PROFILE"
@@ -124,7 +124,7 @@ services:
         condition: service_started
 
   keycloak-config: # Import Keycloak configuration
-    image: adorsys/keycloak-config-cli:5.8.0-22.0.0
+    image: adorsys/keycloak-config-cli:5.9.0-22.0.4
     container_name: keycloak-config
     environment:
       KEYCLOAK_URL: "http://keycloak:8080/"