From b1ec3b2adb603925401f2fc2177bc69e9f551b3f Mon Sep 17 00:00:00 2001 From: CDR Open Source Date: Mon, 8 Dec 2025 00:36:49 +0000 Subject: [PATCH] v3.03 release --- .azuredevops/pipelines/build-dcr-func.yml | 7 ++++-- .azuredevops/pipelines/build-dh-func.yml | 7 ++++-- .azuredevops/pipelines/dotnet.yml | 5 +++- .github/workflows/codeql-analysis.yml | 8 +++---- .github/workflows/dotnet.yml | 3 +-- .github/workflows/test-report.yml | 6 ++--- CHANGELOG.md | 6 +++++ Source/CDR.DCR/CDR.DCR.csproj | 2 +- Source/CDR.DCR/DCROptions.cs | 1 - .../Properties/serviceDependencies.json | 4 ++-- .../Properties/serviceDependencies.local.json | 4 ++-- Source/CDR.DCR/appsettings.docker.json | 1 - Source/CDR.DCR/local.settings.json | 1 - .../CDR.DataRecipient.E2ETests.csproj | 6 ++--- .../CDR.DataRecipient.IntegrationTests.csproj | 8 +++---- .../CDR.DataRecipient.Repository.SQL.csproj | 2 +- .../CDR.DataRecipient.SDK.csproj | 4 ++-- .../Models/Certificate.cs | 19 +++++++++++---- .../Services/Register/InfosecService.cs | 23 +++++++++++++++---- .../Services/Register/SsaService.cs | 2 ++ .../CDR.DataRecipient.Web.csproj | 4 ++-- Source/CDR.DataRecipient.Web/appsettings.json | 4 +++- .../CDR.DiscoverDataHolders.csproj | 2 +- Source/CDR.DiscoverDataHolders/DHOptions.cs | 1 - .../Properties/serviceDependencies.json | 4 ++-- .../Properties/serviceDependencies.local.json | 4 ++-- .../appsettings.docker.json | 1 - .../local.settings.json | 1 - Source/Directory.Build.props | 2 +- 29 files changed, 90 insertions(+), 52 deletions(-) diff --git a/.azuredevops/pipelines/build-dcr-func.yml b/.azuredevops/pipelines/build-dcr-func.yml index 28cd2f0..9122b81 100644 --- a/.azuredevops/pipelines/build-dcr-func.yml +++ b/.azuredevops/pipelines/build-dcr-func.yml @@ -10,9 +10,12 @@ trigger: - develop - main - releases/* - + +variables: + - group: PT-Pipeline-Common + pool: - vmImage: windows-latest + vmImage: $(Pipeline_Host_Image) steps: - task: UseDotNet@2 
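Review bot: `vmImage: $(Pipeline_Host_Image)` moves the choice of build host out of the reviewed YAML into the `PT-Pipeline-Common` variable group, so anyone with edit rights on that Library group can change the image every build of this function runs on without a pull request, and the value is not visible here to confirm it is pinned. If the image must be shared, pin it to a specific version in the group (a dated image rather than a `*-latest` alias) and restrict edit/authorize rights on the group. Document the dependency above the `pool:` key: `# Pipeline_Host_Image comes from the PT-Pipeline-Common variable group (Library); changing it changes the build host for every pipeline that references the group.`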
diff --git a/.azuredevops/pipelines/build-dh-func.yml b/.azuredevops/pipelines/build-dh-func.yml index 8927d6c..ab0572a 100644 --- a/.azuredevops/pipelines/build-dh-func.yml +++ b/.azuredevops/pipelines/build-dh-func.yml @@ -9,10 +9,13 @@ schedules: trigger: - develop - main - - releases/* + - releases/* + +variables: + - group: PT-Pipeline-Common pool: - vmImage: windows-latest + vmImage: $(Pipeline_Host_Image) steps: - task: UseDotNet@2 diff --git a/.azuredevops/pipelines/dotnet.yml b/.azuredevops/pipelines/dotnet.yml index fe91fff..d747f34 100644 --- a/.azuredevops/pipelines/dotnet.yml +++ b/.azuredevops/pipelines/dotnet.yml @@ -12,8 +12,11 @@ resources: trigger: - develop +variables: + - group: PT-Pipeline-Common + pool: - vmImage: windows-2019 + vmImage: $(Pipeline_Host_Image) steps: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index eb3bd9e..ae2d76e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -55,11 +55,11 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -70,7 +70,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@v2 + uses: github/codeql-action/autobuild@v3 # ℹ️ Command-line programs to run using the OS shell # 📚 https://git.io/JvXDl @@ -84,4 +84,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 
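Review bot: The bumped references (`actions/checkout@v4`, `github/codeql-action/init@v3`, `autobuild@v3`, `analyze@v3`) still point at mutable major tags, so the workflow resolves to whatever commit those tags move to at run time; a compromised or force-pushed tag changes what runs with the repository's token. Since the lines are being touched anyway, pin each to a full-length commit SHA and keep the version as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, and let Dependabot/Renovate keep the comment and SHA in step. The same applies to the `checkout@v4` bumps in the Azure DevOps-adjacent workflows in this commit.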
diff --git a/.github/workflows/dotnet.yml b/.github/workflows/dotnet.yml index 6624da4..1976cd5 100644 --- a/.github/workflows/dotnet.yml +++ b/.github/workflows/dotnet.yml @@ -38,7 +38,7 @@ jobs: steps: - name: Checkout Data Recipient - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: path: ./mock-data-recipient @@ -196,4 +196,3 @@ jobs: with: name: integration-test-artifacts path: ${{ github.workspace }}/mock-data-recipient/Source/DockerCompose/_temp/mock-register/tmp - diff --git a/.github/workflows/test-report.yml b/.github/workflows/test-report.yml index 3414539..ba43d14 100644 --- a/.github/workflows/test-report.yml +++ b/.github/workflows/test-report.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Publish Unit Test Report uses: dorny/test-reporter@v1 @@ -25,7 +25,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Publish Integration Test Report uses: dorny/test-reporter@v1 @@ -39,7 +39,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Publish e2e Test Report uses: dorny/test-reporter@v1 diff --git a/CHANGELOG.md b/CHANGELOG.md index e597c4d..b265536 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +## [3.0.3] - 2025-12-03 +### Fixed +- Upgrade multiple packages to address vulnerabilities +- Fixed issue where SSA response could not be processed due to quotes in the response +- Fix casing for the claims and other elements in JWT + ## [3.0.2] - 2025-08-06 ### Fixed - Fixed issue where some claims in the PAR request were not sent in lowercase. diff --git a/Source/CDR.DCR/CDR.DCR.csproj b/Source/CDR.DCR/CDR.DCR.csproj index 2e637ab..a43ba0d 100644 
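Review bot: The three `test-report.yml` hunks upgrade `actions/checkout` but leave the third-party `dorny/test-reporter@v1` on a mutable major tag; a report-publishing action normally needs `checks: write`, so this is the step in the file most worth pinning, not the checkout. Pin it to a full commit SHA with the version in a comment (`uses: dorny/test-reporter@<full-commit-sha> # v1`) and, if the job has no explicit `permissions:` block (not visible in this hunk), add one scoped to what the reporter needs. The job headers and the rest of each job sit outside the hunks.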
--- a/Source/CDR.DCR/CDR.DCR.csproj +++ b/Source/CDR.DCR/CDR.DCR.csproj @@ -14,7 +14,7 @@ - + diff --git a/Source/CDR.DCR/DCROptions.cs b/Source/CDR.DCR/DCROptions.cs index c72e480..6eab03a 100644 --- a/Source/CDR.DCR/DCROptions.cs +++ b/Source/CDR.DCR/DCROptions.cs @@ -2,7 +2,6 @@ { public class DcrOptions { - public string AzureWebJobsStorage { get; set; } public string StorageConnectionString { get; set; } public string FUNCTIONS_WORKER_RUNTIME { get; set; } public string DataRecipient_DB_ConnectionString { get; set; } diff --git a/Source/CDR.DCR/Properties/serviceDependencies.json b/Source/CDR.DCR/Properties/serviceDependencies.json index df4dcc9..9ace888 100644 --- a/Source/CDR.DCR/Properties/serviceDependencies.json +++ b/Source/CDR.DCR/Properties/serviceDependencies.json @@ -4,8 +4,8 @@ "type": "appInsights" }, "storage1": { - "type": "storage", - "connectionId": "AzureWebJobsStorage" + "type": "storage", + "connectionId": "StorageConnectionString" } } } \ No newline at end of file diff --git a/Source/CDR.DCR/Properties/serviceDependencies.local.json b/Source/CDR.DCR/Properties/serviceDependencies.local.json index 155d87e..a6685be 100644 --- a/Source/CDR.DCR/Properties/serviceDependencies.local.json +++ b/Source/CDR.DCR/Properties/serviceDependencies.local.json @@ -1,8 +1,8 @@ { "dependencies": { "storage1": { - "type": "storage.emulator", - "connectionId": "AzureWebJobsStorage" + "type": "storage.emulator", + "connectionId": "StorageConnectionString" } } } \ No newline at end of file diff --git a/Source/CDR.DCR/appsettings.docker.json b/Source/CDR.DCR/appsettings.docker.json index 97dc880..a5fbaa8 100644 --- a/Source/CDR.DCR/appsettings.docker.json +++ b/Source/CDR.DCR/appsettings.docker.json 
@@ -1,5 +1,4 @@ { - "AzureWebJobsStorage": "UseDevelopmentStorage=true", "StorageConnectionString": "UseDevelopmentStorage=true", "FUNCTIONS_WORKER_RUNTIME": "dotnet-isolated", "DataRecipient_DB_ConnectionString": "Server=(localdb)\\MSSQLLocalDB;Database=cdr-mdr;Integrated Security=true", diff --git a/Source/CDR.DCR/local.settings.json b/Source/CDR.DCR/local.settings.json index fa822b2..cc52e46 100644 --- a/Source/CDR.DCR/local.settings.json +++ b/Source/CDR.DCR/local.settings.json @@ -1,7 +1,6 @@ { "IsEncrypted": false, "Values": { - "AzureWebJobsStorage": "UseDevelopmentStorage=true", "StorageConnectionString": "UseDevelopmentStorage=true", "FUNCTIONS_WORKER_RUNTIME": "dotnet-isolated", "DataRecipient_DB_ConnectionString": "Server=(localdb)\\MSSQLLocalDB;Database=cdr-mdr;Integrated Security=true", diff --git a/Source/CDR.DataRecipient.E2ETests/CDR.DataRecipient.E2ETests.csproj b/Source/CDR.DataRecipient.E2ETests/CDR.DataRecipient.E2ETests.csproj index b61d404..aa41951 100644 --- a/Source/CDR.DataRecipient.E2ETests/CDR.DataRecipient.E2ETests.csproj +++ b/Source/CDR.DataRecipient.E2ETests/CDR.DataRecipient.E2ETests.csproj @@ -21,17 +21,17 @@ - + - + runtime; build; native; contentfiles; analyzers; buildtransitive all - + runtime; build; native; contentfiles; analyzers; buildtransitive all diff --git a/Source/CDR.DataRecipient.IntegrationTests/CDR.DataRecipient.IntegrationTests.csproj b/Source/CDR.DataRecipient.IntegrationTests/CDR.DataRecipient.IntegrationTests.csproj index d2108e7..d85fa96 100644 --- a/Source/CDR.DataRecipient.IntegrationTests/CDR.DataRecipient.IntegrationTests.csproj +++ b/Source/CDR.DataRecipient.IntegrationTests/CDR.DataRecipient.IntegrationTests.csproj @@ -11,20 +11,20 @@ - + - + - + runtime; build; native; contentfiles; analyzers; buildtransitive all - + runtime; build; native; contentfiles; analyzers; buildtransitive all 
diff --git a/Source/CDR.DataRecipient.Repository.SQL/CDR.DataRecipient.Repository.SQL.csproj b/Source/CDR.DataRecipient.Repository.SQL/CDR.DataRecipient.Repository.SQL.csproj index de85dbf..ed2bb87 100644 --- a/Source/CDR.DataRecipient.Repository.SQL/CDR.DataRecipient.Repository.SQL.csproj +++ b/Source/CDR.DataRecipient.Repository.SQL/CDR.DataRecipient.Repository.SQL.csproj @@ -19,7 +19,7 @@ runtime; build; native; contentfiles; analyzers; buildtransitive - + all runtime; build; native; contentfiles; analyzers; buildtransitive diff --git a/Source/CDR.DataRecipient.SDK/CDR.DataRecipient.SDK.csproj b/Source/CDR.DataRecipient.SDK/CDR.DataRecipient.SDK.csproj index 862401d..b4f8f35 100644 --- a/Source/CDR.DataRecipient.SDK/CDR.DataRecipient.SDK.csproj +++ b/Source/CDR.DataRecipient.SDK/CDR.DataRecipient.SDK.csproj @@ -7,12 +7,12 @@ True - + - + all runtime; build; native; contentfiles; analyzers; buildtransitive diff --git a/Source/CDR.DataRecipient.SDK/Models/Certificate.cs b/Source/CDR.DataRecipient.SDK/Models/Certificate.cs index cbc3cfb..78733c4 100644 --- a/Source/CDR.DataRecipient.SDK/Models/Certificate.cs +++ b/Source/CDR.DataRecipient.SDK/Models/Certificate.cs @@ -1,4 +1,4 @@ -using System.Net; +using System; using System.Net.Http; using System.Security.Cryptography.X509Certificates; using System.Threading.Tasks; @@ -15,11 +15,14 @@ public class Certificate public string Password { get; set; } + public string KVSecretsStorePath { get; set; } + public X509Certificate2 X509Certificate { get { - if (this._certificate != null) + // if we already have a cert return it. But for KVSecretsStorePath we always fetch a new one incase cert was updated. + if (this._certificate != null && string.IsNullOrEmpty(this.KVSecretsStorePath)) { return this._certificate; } 
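Review bot: The new early-return condition `this._certificate != null && string.IsNullOrEmpty(this.KVSecretsStorePath)` disables the cache whenever `KVSecretsStorePath` is set, but the branch order in the following hunk gives `Path` and then `Url` precedence over the mounted secret, so a configuration with both `Path` and `KVSecretsStorePath` re-reads the PFX from `Path` on every access and never looks at the secrets-store file. Make the bypass apply only when the KV branch is the one that will run, e.g. `if (this._certificate != null && !(string.IsNullOrEmpty(this.Path) && string.IsNullOrEmpty(this.Url) && !string.IsNullOrEmpty(this.KVSecretsStorePath)))`, or state the precedence in the comment. The comment should also read `// ... we always fetch a new one in case the cert was updated.` (two words). The getter's body continues past the end of this hunk.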
@@ -28,12 +31,20 @@ public X509Certificate2 X509Certificate
{
this._certificate = new X509Certificate2(this.Path, this.Password, X509KeyStorageFlags.Exportable);
}
-
- if (!string.IsNullOrEmpty(this.Url) && !string.IsNullOrEmpty(this.Password))
+ else if (!string.IsNullOrEmpty(this.Url) && !string.IsNullOrEmpty(this.Password))
{
// Retrieve the raw bytes from the URL value.
this._certificate = new X509Certificate2(DownloadData(this.Url), this.Password, X509KeyStorageFlags.Exportable);
}
+ else if (!string.IsNullOrEmpty(this.KVSecretsStorePath))
+ {
+ var certString = System.IO.File.ReadAllText(this.KVSecretsStorePath);
+
+ // The cert loaded into the volume by secrets-store-csi-driver-provider-azure is in base64
+ var certBytes = Convert.FromBase64String(certString);
+
+ this._certificate = new X509Certificate2(certBytes, string.Empty, X509KeyStorageFlags.Exportable);
+ }
return this._certificate;
}
diff --git a/Source/CDR.DataRecipient.SDK/Services/Register/InfosecService.cs b/Source/CDR.DataRecipient.SDK/Services/Register/InfosecService.cs
index 9833e5e..0ad0914 100644
--- a/Source/CDR.DataRecipient.SDK/Services/Register/InfosecService.cs
+++ b/Source/CDR.DataRecipient.SDK/Services/Register/InfosecService.cs
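Review bot: Because the getter's early return is skipped whenever `KVSecretsStorePath` is set (previous hunk), the new `else if` branch reads the file and constructs a fresh `X509Certificate2` with an imported, `Exportable` private key on every property access, overwriting `_certificate` without disposing the previous instance; under load that is a file read plus a key import per call and a steady leak of key handles until the finalizer runs. Import a new certificate only when the mounted bytes actually changed, keyed on a hash rather than on a second copy of the PFX string; this needs a `private string _kvFingerprint;` field next to `_certificate` and `System.Security.Cryptography` (the repo targets net8.0 per Directory.Build.props, so `SHA256.HashData`/`Convert.ToHexString` are available). Disposing the replaced instance would close the leak fully, but is only safe if callers do not hold on to the returned certificate, which cannot be confirmed from this hunk. The property's remaining lines sit outside the hunk.
```csharp
else if (!string.IsNullOrEmpty(this.KVSecretsStorePath))
{
    // The secrets-store CSI driver writes the PFX as base64. Re-read it on each access so a
    // rotated certificate is picked up, but only import a new X509Certificate2 when the bytes changed.
    var certBytes = Convert.FromBase64String(System.IO.File.ReadAllText(this.KVSecretsStorePath));
    var fingerprint = Convert.ToHexString(System.Security.Cryptography.SHA256.HashData(certBytes));

    if (this._certificate == null || fingerprint != this._kvFingerprint)
    {
        this._certificate = new X509Certificate2(certBytes, string.Empty, X509KeyStorageFlags.Exportable);
        this._kvFingerprint = fingerprint;
    }
}
// … unchanged: return this._certificate; …
```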
@@ -48,15 +48,30 @@ public async Task> GetOidcDiscovery(string registerOidcC
this.Logger.LogDebug($"Request received to {nameof(InfosecService)}.{nameof(this.GetOidcDiscovery)}.");
+ this.Logger.LogDebug($"Attempting register oidc config.");
+
+ this.Logger.LogDebug("Oidc uri: {Uri}.", registerOidcConfigEndpoint);
+
var client = this.GetHttpClient();
var configResponse = await client.GetAsync(this.EnsureValidEndpoint(registerOidcConfigEndpoint));
- oidcResponse.StatusCode = configResponse.StatusCode;
+ this.Logger.LogDebug($"Oidc config call completed.");
+
+ if (configResponse == null)
+ {
+ this.Logger.LogDebug($"Oidc config response is null");
+ }
- if (configResponse.IsSuccessStatusCode)
+ if (configResponse != null)
{
- var body = await configResponse.Content.ReadAsStringAsync();
- oidcResponse.Data = Newtonsoft.Json.JsonConvert.DeserializeObject(body);
+ this.Logger.LogDebug("Oidc response: {StatusCode}.", configResponse.StatusCode);
+ oidcResponse.StatusCode = configResponse.StatusCode;
+
+ if (configResponse.IsSuccessStatusCode)
+ {
+ var body = await configResponse.Content.ReadAsStringAsync();
+ oidcResponse.Data = Newtonsoft.Json.JsonConvert.DeserializeObject(body);
+ }
}
return oidcResponse;
diff --git a/Source/CDR.DataRecipient.SDK/Services/Register/SsaService.cs b/Source/CDR.DataRecipient.SDK/Services/Register/SsaService.cs
index c5424c5..7c028d8 100644
--- a/Source/CDR.DataRecipient.SDK/Services/Register/SsaService.cs
+++ b/Source/CDR.DataRecipient.SDK/Services/Register/SsaService.cs
@@ -45,6 +45,8 @@ public async Task> GetSoftwareStatementAssertion(
var response = await client.GetAsync(this.EnsureValidEndpoint(ssaEndpoint));
var body = await response.Content.ReadAsStringAsync();
+ body = body.Replace("\"", string.Empty);
+
this.Logger.LogDebug("Get SSA Response: {StatusCode}. Body: {Body}", response.StatusCode, body);
ssaResponse.StatusCode = response.StatusCode;
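Review bot: The two `configResponse == null` / `!= null` guards are dead code: `HttpClient.GetAsync` returns a non-null `HttpResponseMessage` or throws (`HttpRequestException`, `TaskCanceledException`), so the failure they appear to target still propagates out of `GetOidcDiscovery` with `oidcResponse.StatusCode` unset, exactly as before. Either drop the guards and keep the original shape, or — if the intent is a non-throwing result for the caller — wrap the `GetAsync` in `try { … } catch (HttpRequestException ex) { this.Logger.LogError(ex, "OIDC discovery request to {Uri} failed.", registerOidcConfigEndpoint); }` and return the unpopulated response; which of the two the callers expect cannot be determined from this hunk. Separately, the new `$"…"` calls with no interpolation holes (`$"Attempting register oidc config."`, `$"Oidc config call completed."`, `$"Oidc config response is null"`) should be plain string literals so the logging analyzer and structured sinks see a constant template. The method's signature and the declaration of `oidcResponse` are above the hunk.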
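Review bot: `body = body.Replace("\"", string.Empty)` runs on every response, including non-2xx ones, so a JSON error body from the Register is mangled before it is logged on the next line and before whatever processing follows the hunk sees it; the CHANGELOG entry suggests the real target is an SSA returned as a JSON-encoded string (`"eyJ…"`), which only needs its surrounding quotes removed. Apply the repair only to the success path and only to the delimiters, e.g. `if (response.IsSuccessStatusCode) { body = body.Trim().Trim('"'); }`, or deserialize it with `JsonConvert.DeserializeObject<string>(body)` when it starts with a quote. A compact JWT contains no `"` characters, so this is behaviour-preserving for the intended case. `GetSoftwareStatementAssertion` continues beyond the end of the hunk.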
diff --git a/Source/CDR.DataRecipient.Web/CDR.DataRecipient.Web.csproj b/Source/CDR.DataRecipient.Web/CDR.DataRecipient.Web.csproj index f6c911b..09204bd 100644 --- a/Source/CDR.DataRecipient.Web/CDR.DataRecipient.Web.csproj +++ b/Source/CDR.DataRecipient.Web/CDR.DataRecipient.Web.csproj @@ -18,7 +18,7 @@ - + @@ -27,7 +27,7 @@ - + diff --git a/Source/CDR.DataRecipient.Web/appsettings.json b/Source/CDR.DataRecipient.Web/appsettings.json index 8f2fb5f..26dc3d8 100644 --- a/Source/CDR.DataRecipient.Web/appsettings.json +++ b/Source/CDR.DataRecipient.Web/appsettings.json @@ -33,7 +33,9 @@ "clientCertificate": { "path": "Certificates/client.pfx", "password": "#M0ckDataRecipient#", - "url": "" + "url": "", + "kvSecretsStorePath":"" + }, "signingCertificate": { "Path": "Certificates/jwks.pfx", diff --git a/Source/CDR.DiscoverDataHolders/CDR.DiscoverDataHolders.csproj b/Source/CDR.DiscoverDataHolders/CDR.DiscoverDataHolders.csproj index fbc1622..fea4540 100644 --- a/Source/CDR.DiscoverDataHolders/CDR.DiscoverDataHolders.csproj +++ b/Source/CDR.DiscoverDataHolders/CDR.DiscoverDataHolders.csproj @@ -11,7 +11,7 @@ - + diff --git a/Source/CDR.DiscoverDataHolders/DHOptions.cs b/Source/CDR.DiscoverDataHolders/DHOptions.cs index 3f62288..60c7c40 100644 --- a/Source/CDR.DiscoverDataHolders/DHOptions.cs +++ b/Source/CDR.DiscoverDataHolders/DHOptions.cs @@ -4,7 +4,6 @@ public class DHOptions { public string DataRecipient_DB_ConnectionString { get; set; } public string DataRecipient_Logging_DB_ConnectionString { get; set; } - public string AzureWebJobsStorage { get; set; } public string StorageConnectionString { get; set; } public string FUNCTIONS_WORKER_RUNTIME { get; set; } public string Register_Token_Endpoint { get; set; } diff --git a/Source/CDR.DiscoverDataHolders/Properties/serviceDependencies.json b/Source/CDR.DiscoverDataHolders/Properties/serviceDependencies.json index df4dcc9..9ace888 100644 --- a/Source/CDR.DiscoverDataHolders/Properties/serviceDependencies.json 
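Review bot: The new `clientCertificate.kvSecretsStorePath` key is documented nowhere, and from `Certificate.X509Certificate` in this commit the load order is `path`, then `url`, then `kvSecretsStorePath`, so an operator who sets the mounted-secret path while leaving the default `"path": "Certificates/client.pfx"` in place will silently keep using the bundled mock certificate. Since JSON cannot carry a comment, add this to the README/config docs and to the `KVSecretsStorePath` property summary: `/// Path of a base64-encoded PFX mounted by the Azure Key Vault secrets-store CSI driver. Only used when Path and Url are empty; the file is re-read on each access so a rotated certificate is picked up.` Also tidy the hunk: `"kvSecretsStorePath": ""` with a space after the colon, and remove the stray blank line before the closing brace.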
+++ b/Source/CDR.DiscoverDataHolders/Properties/serviceDependencies.json @@ -4,8 +4,8 @@ "type": "appInsights" }, "storage1": { - "type": "storage", - "connectionId": "AzureWebJobsStorage" + "type": "storage", + "connectionId": "StorageConnectionString" } } } \ No newline at end of file diff --git a/Source/CDR.DiscoverDataHolders/Properties/serviceDependencies.local.json b/Source/CDR.DiscoverDataHolders/Properties/serviceDependencies.local.json index 155d87e..a6685be 100644 --- a/Source/CDR.DiscoverDataHolders/Properties/serviceDependencies.local.json +++ b/Source/CDR.DiscoverDataHolders/Properties/serviceDependencies.local.json @@ -1,8 +1,8 @@ { "dependencies": { "storage1": { - "type": "storage.emulator", - "connectionId": "AzureWebJobsStorage" + "type": "storage.emulator", + "connectionId": "StorageConnectionString" } } } \ No newline at end of file diff --git a/Source/CDR.DiscoverDataHolders/appsettings.docker.json b/Source/CDR.DiscoverDataHolders/appsettings.docker.json index 2785e0e..6137639 100644 --- a/Source/CDR.DiscoverDataHolders/appsettings.docker.json +++ b/Source/CDR.DiscoverDataHolders/appsettings.docker.json @@ -1,7 +1,6 @@ { "DataRecipient_DB_ConnectionString": "Server=(localdb)\\MSSQLLocalDB;Database=cdr-mdr;Integrated Security=true", "DataRecipient_Logging_DB_ConnectionString": "Server=(localdb)\\MSSQLLocalDB;Database=cdr-mdr;Integrated Security=true", - "AzureWebJobsStorage": "UseDevelopmentStorage=true", "StorageConnectionString": "UseDevelopmentStorage=true", "FUNCTIONS_WORKER_RUNTIME": "dotnet-isolated", "Register_Token_Endpoint": "https://localhost:7001/idp/connect/token", diff --git a/Source/CDR.DiscoverDataHolders/local.settings.json b/Source/CDR.DiscoverDataHolders/local.settings.json index 366f440..32bdce1 100644 --- a/Source/CDR.DiscoverDataHolders/local.settings.json +++ b/Source/CDR.DiscoverDataHolders/local.settings.json 
@@ -3,7 +3,6 @@
"Values": {
"DataRecipient_DB_ConnectionString": "Server=(localdb)\\MSSQLLocalDB;Database=cdr-mdr;Integrated Security=true",
"DataRecipient_Logging_DB_ConnectionString": "Server=(localdb)\\MSSQLLocalDB;Database=cdr-mdr;Integrated Security=true",
- "AzureWebJobsStorage": "UseDevelopmentStorage=true",
"StorageConnectionString": "UseDevelopmentStorage=true",
"FUNCTIONS_WORKER_RUNTIME": "dotnet-isolated",
"Schedule": "0-59 * * * *",
diff --git a/Source/Directory.Build.props b/Source/Directory.Build.props
index 9a0d1e6..3c06068 100644
--- a/Source/Directory.Build.props
+++ b/Source/Directory.Build.props
@@ -1,7 +1,7 @@
net8.0
- 3.0.2
+ 3.0.3
true true true
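Review bot: Removing `AzureWebJobsStorage` from `local.settings.json` (and, earlier in this commit, from `appsettings.docker.json` and the `DHOptions`/`DcrOptions` classes) leaves only the application-level `StorageConnectionString`, but the Functions host itself reads `AzureWebJobsStorage` — the `"Schedule": "0-59 * * * *"` setting two lines below indicates a timer trigger, whose schedule state and singleton lock the host keeps in that storage account. Unless the host connection is supplied elsewhere (function-app application settings, or identity-based `AzureWebJobsStorage__accountName`/`__serviceUri` keys not shown here), local and container runs of the timer-triggered function will fail at host start. If the rename was deliberate, keep the host setting alongside the app one: `"AzureWebJobsStorage": "UseDevelopmentStorage=true",` and note in the README that production must set it as an app setting or identity-based connection rather than in source.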