diff --git a/.github/workflows/add-artifacts-to-release.yml b/.github/workflows/add-artifacts-to-release.yml
index c59e77d832..b33142a137 100644
--- a/.github/workflows/add-artifacts-to-release.yml
+++ b/.github/workflows/add-artifacts-to-release.yml
@@ -201,29 +201,3 @@ jobs:
 with:
 files: |
 babylon-node-${{ needs.setup_version_properties.outputs.VERSION_TAG }}.zip
-
- snyk-sbom:
- if: github.event_name == 'release'
- name: SBOM
- runs-on: ubuntu-22.04 # Fix GLIBC
- permissions: write-all
- steps:
- - uses: RDXWorks-actions/checkout@main
- - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
- with:
- role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
- app_name: 'babylon-node'
- step_name: 'snyk-sbom'
- secret_prefix: 'SNYK'
- secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
- parse_json: true
- - name: Generate SBOM
- uses: RDXWorks-actions/snyk-actions/gradle-jdk17@master
- with:
- args: --all-projects --org=${{ env.SNYK_NETWORK_ORG_ID }} --format=cyclonedx1.4+json > sbom.json
- command: sbom
- - name: Upload SBOM
- uses: RDXWorks-actions/action-gh-release@master
- with:
- files: |
- sbom.json
\ No newline at end of file
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c410af801c..17ed3d7b6a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -76,29 +76,6 @@ jobs:
 with:
 args: --all-projects --org=${{ env.SNYK_NETWORK_ORG_ID }} --severity-threshold=high
 command: code test
- snyk-sbom:
- name: Snyk SBOM
- runs-on: ubuntu-latest
- permissions:
- id-token: write
- pull-requests: read
- contents: read
- deployments: write
- steps:
- - uses: RDXWorks-actions/checkout@main
- - uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
- with:
- role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
- app_name: 'babylon-node'
- step_name: 'snyk-sbom'
- secret_prefix: 'SNYK'
- secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
- parse_json: true
- - name: Generate SBOM # check SBOM can be generated but nothing is done with it
- uses: RDXWorks-actions/snyk-actions/gradle-jdk17@master
- with:
- args: --all-projects --org=${{ env.SNYK_NETWORK_ORG_ID }} --format=cyclonedx1.4+json > sbom.json
- command: sbom
 build:
 name: Unit tests and sonarqube
 runs-on: selfhosted-ubuntu-22.04-16-cores
diff --git a/Dockerfile b/Dockerfile
index eeadd6f88c..f87e423822 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,7 +20,7 @@ ENV DEBIAN_FRONTEND noninteractive
 CMD ["/bin/bash"]
-ARG WGET_VERSION="1.21.3-1+b2"
+ARG WGET_VERSION="1.21.3-1+deb12u1"
 ARG VERSION_BRANCH=""
 ARG VERSION_COMMIT=""
 ARG VERSION_DISPLAY=""
@@ -49,14 +49,14 @@ ENV VERSION_LAST_TAG=$VERSION_LAST_TAG
 # - https://packages.debian.org/bookworm/openjdk-17-jdk
 RUN apt-get update \
 && apt-get install -y --no-install-recommends \
- docker.io=20.10.24+dfsg1-1+deb12u1 \
- libssl-dev=3.0.15-1~deb12u1 \
+ docker.io=20.10.24+dfsg1-1+deb12u1+b2 \
+ libssl-dev=3.0.17-1~deb12u3 \
 pkg-config=1.8.1-1 \
 unzip=6.0-28 \
 wget=${WGET_VERSION} \
 software-properties-common=0.99.30-4.1~deb12u1 \
 && apt-get install -y --no-install-recommends \
- openjdk-17-jdk=17.0.13+11-2~deb12u1 \
+ openjdk-17-jdk=17.0.17+10-1~deb12u1 \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*
@@ -126,19 +126,19 @@ RUN apt-get update \
 ca-certificates \
 build-essential=12.9 \
 # https://security-tracker.debian.org/tracker/CVE-2023-38545
- curl=7.88.1-10+deb12u8 \
+ curl=7.88.1-10+deb12u14 \
 g++-aarch64-linux-gnu \
 g++-x86-64-linux-gnu \
 libc6-dev-arm64-cross=2.36-8cross1 \
 libclang-dev=1:14.0-55.7~deb12u1 \
- libssl-dev=3.0.15-1~deb12u1 \
+ libssl-dev=3.0.17-1~deb12u3 \
 pkg-config=1.8.1-1 \
 && rm -rf /var/lib/apt/lists/*
 # We fix the version of Rust here to ensure that we can update it without having
 # issues with the caching layers containing outdated versions which aren't compatible.
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs -o rustup.sh \
- && sh rustup.sh -y --target 1.81.0-aarch64-unknown-linux-gnu 1.81.0-x86_64-unknown-linux-gnu --default-toolchain 1.81.0
+ && sh rustup.sh -y --target 1.88.0-aarch64-unknown-linux-gnu,1.88.0-x86_64-unknown-linux-gnu --default-toolchain 1.88.0
 RUN "$HOME/.cargo/bin/cargo" install sccache --version 0.7.4
@@ -259,9 +259,9 @@ LABEL org.opencontainers.image.authors="devops@radixdlt.com"
 # - https://packages.debian.org/bookworm/libc6
 RUN apt-get update -y \
 && apt-get -y --no-install-recommends install \
- openjdk-17-jre-headless=17.0.13+11-2~deb12u1 \
+ openjdk-17-jre-headless=17.0.17+10-1~deb12u1 \
 # https://security-tracker.debian.org/tracker/CVE-2023-38545
- curl=7.88.1-10+deb12u8 \
+ curl=7.88.1-10+deb12u14 \
 gettext-base=0.21-12 \
 daemontools=1:0.76-8.1 \
 # https://security-tracker.debian.org/tracker/CVE-2023-4911
diff --git a/core-rust/state-manager/src/store/rocks_db.rs b/core-rust/state-manager/src/store/rocks_db.rs
index 58c575d186..fa0fdab4ab 100644
--- a/core-rust/state-manager/src/store/rocks_db.rs
+++ b/core-rust/state-manager/src/store/rocks_db.rs
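Review bot: The `--target` list on the new `sh rustup.sh` line in the `@@ -126,19` hunk passes `1.88.0-aarch64-unknown-linux-gnu,1.88.0-x86_64-unknown-linux-gnu`, which read as toolchain names rather than target triples. rustup's `--target` normally takes bare triples, so please confirm the installer accepts these and that both cross-compilation standard libraries really end up installed, or switch to `--target aarch64-unknown-linux-gnu,x86_64-unknown-linux-gnu --default-toolchain 1.88.0`. The comment above that `RUN` could also note that the list is now comma-separated on purpose, since the replaced line used a space. Pinning the toolchain does not pin the installer: `rustup.sh` is still whatever sh.rustup.rs serves at build time, so verifying a checksum of the downloaded script before `sh rustup.sh` runs would close that gap. The `curl` and `libssl-dev` pins are each repeated across the Dockerfile hunks; holding them in `ARG`s, as `WGET_VERSION` already does, would make the next security bump a single-line change.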
@@ -637,6 +637,10 @@ impl StateManagerDatabase {
 .state_changes
 .substate_level_changes,
 );
+ db_context.cf(ExtensionsDataCf).put(
+ &ExtensionsDataKey::EntityListingIndicesLastProcessedStateVersion,
+ &transaction_bundle.state_version.to_be_bytes().to_vec(),
+ );
 }
 let CommittedTransactionBundle {
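Review bot: The new `put` hand-encodes the marker as `state_version.to_be_bytes().to_vec()`, and nothing visible in this hunk ties that encoding to whatever reads `ExtensionsDataKey::EntityListingIndicesLastProcessedStateVersion` back. If the reader decodes it elsewhere, a shared helper or the column family's own codec would keep writer and reader from drifting apart. A comment would also help, for example `// Advance the entity-listing marker together with the index writes above so both reflect the same state version.` That wording assumes, as the shared `db_context` suggests, that both writes land in one write batch; if they do not, a crash between them could leave the marker and the indices out of step. The enclosing block, closed by the `}` right after the addition, opens outside the hunk, so the condition under which the marker is written is not visible here.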