diff --git a/CHANGELOG.md b/CHANGELOG.md
index b8e0005eed2..7a37594b78c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,37 @@
 # Change Log
 
+## [Version 12.2.2](https://github.com/dependency-check/DependencyCheck/releases/tag/v12.2.2) (2026-05-03x)
+
+- fix: widen reference URL column to handle long Mozilla CVE URLs ([#8467](https://github.com/dependency-check/DependencyCheck/pull/8467))
+- fix: improve Sonatype Guide / OSS Index cache handling and insufficient credits error reporting ([#8451](https://github.com/dependency-check/DependencyCheck/pull/8451))
+- fix: de-duplicate and sort both `includedBy` and `projectReferences` in reports ([#8440](https://github.com/dependency-check/DependencyCheck/pull/8440))
+- fix: add corepack to docker image ([#8386](https://github.com/dependency-check/DependencyCheck/pull/8386))
+- fix: support and prefer githubID vuln identifiers from RetireJS ([#8419](https://github.com/dependency-check/DependencyCheck/pull/8419))
+- fix: bump open-vulnerability-clients to resolve NVD timestamp parsing errors ([#8427](https://github.com/dependency-check/DependencyCheck/pull/8427))
+- fix: migrate default OSS Index API URL to Sonatype Guide; supporting optional username ([#8404](https://github.com/dependency-check/DependencyCheck/pull/8404))
+- chore(fp): remove duplicate log4j FP suppressions ([#8468](https://github.com/dependency-check/DependencyCheck/pull/8468))
+- chore: remove spurious bundle-audit log line when there are no errors ([#8454](https://github.com/dependency-check/DependencyCheck/pull/8454))
+- docs: tweak docs site structure; documenting missing analyzers ([#8462](https://github.com/dependency-check/DependencyCheck/pull/8462))
+- docs: correct missing documentation for Gradle plugin ([#8431](https://github.com/dependency-check/DependencyCheck/pull/8431))
+- build(deps): bump the actions-deps group with 8 updates ([#8472](https://github.com/dependency-check/DependencyCheck/pull/8472))
+- build(deps): bump com.fasterxml.jackson:jackson-bom from 2.21.2 to 2.21.3 ([#8465](https://github.com/dependency-check/DependencyCheck/pull/8465))
+- build(deps): bump org.postgresql:postgresql from 42.7.10 to 42.7.11 ([#8463](https://github.com/dependency-check/DependencyCheck/pull/8463))
+- build(deps): bump commons-codec:commons-codec from 1.21.0 to 1.22.0 ([#8453](https://github.com/dependency-check/DependencyCheck/pull/8453))
+- build(deps): bump org.apache.maven.plugins:maven-invoker-plugin from 3.9.1 to 3.10.0 ([#8452](https://github.com/dependency-check/DependencyCheck/pull/8452))
+- build(deps): bump joda-time:joda-time from 2.14.1 to 2.14.2 ([#8464](https://github.com/dependency-check/DependencyCheck/pull/8464))
+- build(deps): bump com.mysql:mysql-connector-j from 9.6.0 to 9.7.0 ([#8445](https://github.com/dependency-check/DependencyCheck/pull/8445))
+- build(deps): bump commons-io:commons-io from 2.21.0 to 2.22.0 ([#8448](https://github.com/dependency-check/DependencyCheck/pull/8448))
+- build(deps): bump commons-io:commons-io from 2.21.0 to 2.22.0
+- build(deps): bump org.jsoup:jsoup from 1.22.1 to 1.22.2 ([#8437](https://github.com/dependency-check/DependencyCheck/pull/8437))
+- build(deps): bump com.google.guava:guava from 33.5.0-jre to 33.6.0-jre ([#8420](https://github.com/dependency-check/DependencyCheck/pull/8420))
+- build(deps): bump httpcomponents.client.version from 5.6 to 5.6.1 ([#8432](https://github.com/dependency-check/DependencyCheck/pull/8432))
+- build(deps): bump apache.ant.version from 1.10.16 to 1.10.17 ([#8416](https://github.com/dependency-check/DependencyCheck/pull/8416))
+
+
+- chore: tidy CHANGELOG formatting ([#8414](https://github.com/dependency-check/DependencyCheck/pull/8414))
+
+See the full listing of [changes](https://github.com/dependency-check/DependencyCheck/milestone/104?closed=1)
+
 ## [Version 12.2.1](https://github.com/dependency-check/DependencyCheck/releases/tag/v12.2.1) (2026-04-11)
 
 - build: improve GHA workflow experience for forks ([#8285](https://github.com/dependency-check/DependencyCheck/pull/8285))
diff --git a/ant/pom.xml b/ant/pom.xml index c68363ae7eb..07371c6893d 100644 --- a/ant/pom.xml +++ b/ant/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2013 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2-SNAPSHOT + 12.2.3-SNAPSHOT dependency-check-ant diff --git a/archetype/pom.xml b/archetype/pom.xml index eda5382d203..72dd231e485 100644 --- a/archetype/pom.xml +++ b/archetype/pom.xml @@ -20,14 +20,14 @@ Copyright (c) 2017 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2-SNAPSHOT + 12.2.3-SNAPSHOT dependency-check-plugin Dependency-Check Plugin Archetype jar - 2026-04-11T15:25:01Z + 2026-05-03T10:20:35Z scm:git:https://github.com/dependency-check/DependencyCheck.git diff --git a/cli/pom.xml b/cli/pom.xml index e754a70ccba..989467f1335 100644 --- a/cli/pom.xml +++ b/cli/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2-SNAPSHOT + 12.2.3-SNAPSHOT dependency-check-cli diff --git a/core/pom.xml b/core/pom.xml index 05b9d0b247b..669ff551f54 100644 --- a/core/pom.xml +++ b/core/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2-SNAPSHOT + 12.2.3-SNAPSHOT dependency-check-core diff --git a/maven/pom.xml b/maven/pom.xml index c47fefe926b..8241aed128d 100644 --- a/maven/pom.xml +++ b/maven/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2013 Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2-SNAPSHOT + 12.2.3-SNAPSHOT dependency-check-maven maven-plugin diff --git a/pom.xml b/pom.xml index bf001738a59..548eae61dc0 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2012 - Jeremy Long org.owasp dependency-check-parent - 12.2.2-SNAPSHOT + 12.2.3-SNAPSHOT pom @@ -113,7 +113,7 @@ Copyright (c) 2012 - Jeremy Long 11 - 2026-04-11T15:25:01Z + 2026-05-03T10:20:35Z UTF-8 UTF-8 
diff --git a/src/site/markdown/analyzers/oss-index-analyzer.md b/src/site/markdown/analyzers/oss-index-analyzer.md index f89ad4f622b..473300dbbc2 100644 --- a/src/site/markdown/analyzers/oss-index-analyzer.md +++ b/src/site/markdown/analyzers/oss-index-analyzer.md @@ -22,7 +22,7 @@ During this migration users will need to make some minor changes. - login with OSS Index account credentials to the Sonatype Guide platform to validate your account has been migrated - migrate OSS Index analyzer base URL to Sonatype Guide platform - override Dependency-Check configuration OR - - upgrade to Dependency-Check `12.2.1` (if using defaults) + - upgrade to Dependency-Check `12.2.1`+ (if using defaults) - review API usage within Sonatype Guide to determine whether continued free usage is possible (new API limits apply from April 28 2026 onwards) - consider [cache/restore of Dependency-Check's data directory](../data/cacheh2.md) between runs to retain the OSS Index cache, and reduce API load - _Before_ December 31, 2026 diff --git a/utils/pom.xml b/utils/pom.xml index 133b7555fb6..f6bbb02ad57 100644 --- a/utils/pom.xml +++ b/utils/pom.xml @@ -20,7 +20,7 @@ Copyright (c) 2014 - Jeremy Long. All Rights Reserved. org.owasp dependency-check-parent - 12.2.2-SNAPSHOT + 12.2.3-SNAPSHOT dependency-check-utils