diff --git a/.github/bundles/aks/uds-bundle.yaml b/.github/bundles/aks/uds-bundle.yaml
index 9d6bd420b1..0cd75614c5 100644
--- a/.github/bundles/aks/uds-bundle.yaml
+++ b/.github/bundles/aks/uds-bundle.yaml
@@ -6,7 +6,7 @@ metadata:
   name: uds-core-aks-nightly
   description: A UDS bundle for deploying UDS Core on AKS
   # x-release-please-start-version
-  version: "0.38.0"
+  version: "0.39.0"
   # x-release-please-end
 
 packages:
@@ -17,7 +17,7 @@ packages:
   - name: core
     path: ../../../build
     # x-release-please-start-version
-    ref: 0.38.0
+    ref: 0.39.0
     # x-release-please-end
     optionalComponents:
       - istio-ambient
diff --git a/.github/bundles/eks/uds-bundle.yaml b/.github/bundles/eks/uds-bundle.yaml
index 0f54b8cd48..dd01165ce2 100644
--- a/.github/bundles/eks/uds-bundle.yaml
+++ b/.github/bundles/eks/uds-bundle.yaml
@@ -6,7 +6,7 @@ metadata:
   name: uds-core-eks-nightly
   description: A UDS bundle for deploying EKS and UDS Core
   # x-release-please-start-version
-  version: "0.38.0"
+  version: "0.39.0"
   # x-release-please-end
 
 packages:
@@ -17,7 +17,7 @@ packages:
   - name: core
     path: ../../../build
     # x-release-please-start-version
-    ref: 0.38.0
+    ref: 0.39.0
     # x-release-please-end
     optionalComponents:
       - istio-ambient
diff --git a/.github/bundles/rke2/uds-bundle.yaml b/.github/bundles/rke2/uds-bundle.yaml
index 814fb96170..297b592464 100644
--- a/.github/bundles/rke2/uds-bundle.yaml
+++ b/.github/bundles/rke2/uds-bundle.yaml
@@ -6,7 +6,7 @@ metadata:
   name: uds-core-rke2-nightly
   description: A UDS bundle for deploying RKE2 and UDS Core
   # x-release-please-start-version
-  version: "0.38.0"
+  version: "0.39.0"
   # x-release-please-end
 
 packages:
@@ -38,7 +38,7 @@ packages:
   - name: core
     path: ../../../build
     # x-release-please-start-version
-    ref: 0.38.0
+    ref: 0.39.0
     # x-release-please-end
     optionalComponents:
       - istio-ambient
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
index 99b982a728..e0fa6379af 100644
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1,3 +1,3 @@
 {
-    ".": "0.38.0"
+    ".": "0.39.0"
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
index cfa3bdd5eb..42a056923a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,56 @@
 
 All notable changes to this project will be documented in this file.
 
+## [0.39.0](https://github.com/defenseunicorns/uds-core/compare/v0.38.0...v0.39.0) (2025-04-01)
+
+
+### ⚠ BREAKING CHANGES
+
+* dynamic generation of Istio AuthorizationPolicy resources in ambient mode based on the configuration defined in a UDSPackage. ALL requests to a pod with authservice protection MUST have a jwt from Keycloak. More fine-grained protection can be done with additional DENY policies, but there will always be a requirement for a Keycloak JWT in addition.
+
+### Features
+
+* add alertmanager datasource to grafana ([#1374](https://github.com/defenseunicorns/uds-core/issues/1374)) ([818a3a0](https://github.com/defenseunicorns/uds-core/commit/818a3a0967a689dfceeb9b494c11167fda3d09a5))
+* ambient mesh authorization policy generation (https://github.com/defenseunicorns/uds-core/pull/1384) ([b47daba](https://github.com/defenseunicorns/uds-core/commit/b47dabaea78ee1a1089bbda59660b5a0a017114f))
+* new webauth and mfa flows ([#1370](https://github.com/defenseunicorns/uds-core/issues/1370)) ([1ac1b03](https://github.com/defenseunicorns/uds-core/commit/1ac1b03b985feae924f0881c28ab11adba9aed33))
+* theme customization ([#1382](https://github.com/defenseunicorns/uds-core/issues/1382)) ([55ef41b](https://github.com/defenseunicorns/uds-core/commit/55ef41b9fd9cf20b13699b6955ac99cd5bb9a9a0))
+* use Client Credentials for managing Keycloak Clients ([#1341](https://github.com/defenseunicorns/uds-core/issues/1341)) ([4db9cc7](https://github.com/defenseunicorns/uds-core/commit/4db9cc75aac1473ebd9cffd772e7be39761fa2a6))
+
+
+### Bug Fixes
+
+* add delete credential keycloak secret value ([#1398](https://github.com/defenseunicorns/uds-core/issues/1398)) ([d45b3e6](https://github.com/defenseunicorns/uds-core/commit/d45b3e6c1a35caa638535ea8c6b9061136fd482c))
+* broken selectors for internal dependencies on charts ([#1403](https://github.com/defenseunicorns/uds-core/issues/1403)) ([d72b194](https://github.com/defenseunicorns/uds-core/commit/d72b194b6fb68eb45411dc6c7b3e276241d23f6b))
+
+
+### Miscellaneous
+
+* add additionalNetworkAllow to keycloak and loki ([#1379](https://github.com/defenseunicorns/uds-core/issues/1379)) ([8200bce](https://github.com/defenseunicorns/uds-core/commit/8200bce42dfa0baf3349187a440d871eda20e3cd))
+* add docs for layer selection ([#1216](https://github.com/defenseunicorns/uds-core/issues/1216)) ([c170322](https://github.com/defenseunicorns/uds-core/commit/c1703221b85d37451d60c226863a0b168e702e01))
+* **deps:** update grafana ([#1383](https://github.com/defenseunicorns/uds-core/issues/1383)) ([122dc58](https://github.com/defenseunicorns/uds-core/commit/122dc584c97fb789b6664683811dc5d33f7714bc))
+* **deps:** update grafana to v8.10.4 ([#1363](https://github.com/defenseunicorns/uds-core/issues/1363)) ([fb163bd](https://github.com/defenseunicorns/uds-core/commit/fb163bdf69b6b8a3d5d251a9e52bd512cc3e394e))
+* **deps:** update istio to v1.25.0 ([#1335](https://github.com/defenseunicorns/uds-core/issues/1335)) ([1803ea7](https://github.com/defenseunicorns/uds-core/commit/1803ea7375100e61d2e06816e6c7150e0e4e76dc))
+* **deps:** update keycloak to v0.11.1 ([#1400](https://github.com/defenseunicorns/uds-core/issues/1400)) ([6fdcd0c](https://github.com/defenseunicorns/uds-core/commit/6fdcd0c94e3aa9b86beab22e542cfb5334533b90))
+* **deps:** update keycloak to v26.1.4 ([#1356](https://github.com/defenseunicorns/uds-core/issues/1356)) ([31152f7](https://github.com/defenseunicorns/uds-core/commit/31152f7659ef02335494d3a3646b49a4dd68398d))
+* **deps:** update pepr to v0.46.3 ([#1365](https://github.com/defenseunicorns/uds-core/issues/1365)) ([304a556](https://github.com/defenseunicorns/uds-core/commit/304a556f7cec391cda0c8f6b330bad652d329a03))
+* **deps:** update prometheus-stack ([#1362](https://github.com/defenseunicorns/uds-core/issues/1362)) ([ae40b27](https://github.com/defenseunicorns/uds-core/commit/ae40b27e38522749e7b8cd21702610307d2e182a))
+* **deps:** update prometheus-stack ([#1380](https://github.com/defenseunicorns/uds-core/issues/1380)) ([eec3337](https://github.com/defenseunicorns/uds-core/commit/eec3337a61992a2eb50af54471c96f5d5d9c001e))
+* **deps:** update support dependencies to v22.13.17 ([#1401](https://github.com/defenseunicorns/uds-core/issues/1401)) ([8a81eec](https://github.com/defenseunicorns/uds-core/commit/8a81eecbd007df466f9985e849587fbe78039bcd))
+* **deps:** update support-deps ([#1364](https://github.com/defenseunicorns/uds-core/issues/1364)) ([7819bec](https://github.com/defenseunicorns/uds-core/commit/7819bec4b32d32fb29c8c59ffda22eb6705175c1))
+* **deps:** update support-deps ([#1376](https://github.com/defenseunicorns/uds-core/issues/1376)) ([dd22589](https://github.com/defenseunicorns/uds-core/commit/dd22589fbe8e9ef44674ad09c2f4317c9a103759))
+* **deps:** update support-deps ([#1390](https://github.com/defenseunicorns/uds-core/issues/1390)) ([f06bb70](https://github.com/defenseunicorns/uds-core/commit/f06bb7066a42e0dc298cac5164025a706255faec))
+* **deps:** update support-deps ([#1392](https://github.com/defenseunicorns/uds-core/issues/1392)) ([c0762a3](https://github.com/defenseunicorns/uds-core/commit/c0762a3861e0acdef25ebe854eece8b3deaa6274))
+* **deps:** update ts-jest to v29.3.0 ([#1377](https://github.com/defenseunicorns/uds-core/issues/1377)) ([8b2174a](https://github.com/defenseunicorns/uds-core/commit/8b2174a1e567a92f6b6f8ec3548e999fc4dee445))
+* **deps:** update velero to v8.6.0 ([#1371](https://github.com/defenseunicorns/uds-core/issues/1371)) ([93a44e6](https://github.com/defenseunicorns/uds-core/commit/93a44e6d67b36f92c204d043484d996e877194ac))
+* remove kiali and tempo references from repo ([#1375](https://github.com/defenseunicorns/uds-core/issues/1375)) ([8374de3](https://github.com/defenseunicorns/uds-core/commit/8374de3cbfccfffd6825ae59c18e6080f691346b))
+* update how to scrape metrics ([#1378](https://github.com/defenseunicorns/uds-core/issues/1378)) ([e808f7d](https://github.com/defenseunicorns/uds-core/commit/e808f7d394ea4848c6203cc469960f82b89d0fa4))
+* update unicorn ztunnel image to 1.25.0 ([#1389](https://github.com/defenseunicorns/uds-core/issues/1389)) ([7e446cb](https://github.com/defenseunicorns/uds-core/commit/7e446cbff939d144f964d41c55190626075f410a))
+
+
+### Documentation
+
+* velero csi vsphere backups ([#1385](https://github.com/defenseunicorns/uds-core/issues/1385)) ([5ae33b2](https://github.com/defenseunicorns/uds-core/commit/5ae33b2d01f308f5d7d067d30aa4b911d1c0d20e))
+
 ## [0.38.0](https://github.com/defenseunicorns/uds-core/compare/v0.37.0...v0.38.0) (2025-03-19)
 
 
diff --git a/README.md b/README.md
index 7ebf0f50bb..a5a5ead266 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,7 @@ If you want to try out UDS Core, you can use the [k3d-core-demo bundle](./bundle
 <!-- x-release-please-start-version -->
 
 ```bash
-uds deploy k3d-core-demo:0.38.0
+uds deploy k3d-core-demo:0.39.0
 ```
 
 <!-- x-release-please-end -->
@@ -69,7 +69,7 @@ Deploy Istio, Keycloak and Pepr:
 <!-- x-release-please-start-version -->
 
 ```bash
-uds deploy k3d-core-slim-dev:0.38.0
+uds deploy k3d-core-slim-dev:0.39.0
 ```
 
 <!-- x-release-please-end -->
diff --git a/bundles/k3d-slim-dev/uds-bundle.yaml b/bundles/k3d-slim-dev/uds-bundle.yaml
index 33d94515cc..17c948c6b3 100644
--- a/bundles/k3d-slim-dev/uds-bundle.yaml
+++ b/bundles/k3d-slim-dev/uds-bundle.yaml
@@ -7,7 +7,7 @@ metadata:
   name: k3d-core-slim-dev
   description: A UDS bundle for deploying Istio from UDS Core on a development cluster
   # x-release-please-start-version
-  version: "0.38.0"
+  version: "0.39.0"
   # x-release-please-end
 
 packages:
@@ -38,7 +38,7 @@ packages:
   - name: core-base
     path: ../../build/
     # x-release-please-start-version
-    ref: 0.38.0
+    ref: 0.39.0
     # x-release-please-end
     overrides:
       pepr-uds-core:
@@ -120,7 +120,7 @@ packages:
   - name: core-identity-authorization
     path: ../../build/
     # x-release-please-start-version
-    ref: 0.38.0
+    ref: 0.39.0
     # x-release-please-end
     overrides:
       keycloak:
diff --git a/bundles/k3d-standard/uds-bundle.yaml b/bundles/k3d-standard/uds-bundle.yaml
index adbcad97aa..19dbc0c85e 100644
--- a/bundles/k3d-standard/uds-bundle.yaml
+++ b/bundles/k3d-standard/uds-bundle.yaml
@@ -6,7 +6,7 @@ metadata:
   name: k3d-core-demo
   description: A UDS bundle for deploying the standard UDS Core package on a development cluster
   # x-release-please-start-version
-  version: "0.38.0"
+  version: "0.39.0"
   # x-release-please-end
 
 packages:
@@ -37,7 +37,7 @@ packages:
   - name: core
     path: ../../build/
     # x-release-please-start-version
-    ref: 0.38.0
+    ref: 0.39.0
     # x-release-please-end
     optionalComponents:
       - istio-ambient
diff --git a/packages/backup-restore/zarf.yaml b/packages/backup-restore/zarf.yaml
index 58c98d69eb..fdefbdf759 100644
--- a/packages/backup-restore/zarf.yaml
+++ b/packages/backup-restore/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "UDS Core (Backup and Restore)"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.38.0"
+  version: "0.39.0"
   # x-release-please-end
   x-uds-dependencies: ["base"]
 
diff --git a/packages/base/zarf.yaml b/packages/base/zarf.yaml
index d3eb07af05..1932db8fbc 100644
--- a/packages/base/zarf.yaml
+++ b/packages/base/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "UDS Core (Base)"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.38.0"
+  version: "0.39.0"
   # x-release-please-end
   x-uds-dependencies: []
 
diff --git a/packages/checkpoint-dev/zarf.yaml b/packages/checkpoint-dev/zarf.yaml
index c55837e56c..58bfaf1d27 100644
--- a/packages/checkpoint-dev/zarf.yaml
+++ b/packages/checkpoint-dev/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "Rehydratable UDS K3d + UDS Core Slim (Istio, UDS Operator and Keycloak) Checkpoint"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.38.0"
+  version: "0.39.0"
   # x-release-please-end
 
 variables:
diff --git a/packages/identity-authorization/zarf.yaml b/packages/identity-authorization/zarf.yaml
index 01f5b48b38..41f4cda599 100644
--- a/packages/identity-authorization/zarf.yaml
+++ b/packages/identity-authorization/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "UDS Core (Identity & Authorization)"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.38.0"
+  version: "0.39.0"
   # x-release-please-end
   x-uds-dependencies: ["base"]
 
diff --git a/packages/logging/zarf.yaml b/packages/logging/zarf.yaml
index 1155b63ade..2c97ed526c 100644
--- a/packages/logging/zarf.yaml
+++ b/packages/logging/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "UDS Core (Logging)"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.38.0"
+  version: "0.39.0"
   # x-release-please-end
   x-uds-dependencies: ["base"]
 
diff --git a/packages/metrics-server/zarf.yaml b/packages/metrics-server/zarf.yaml
index 4be6112219..9ad341c597 100644
--- a/packages/metrics-server/zarf.yaml
+++ b/packages/metrics-server/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "UDS Core (Metrics Server)"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.38.0"
+  version: "0.39.0"
   # x-release-please-end
   x-uds-dependencies: ["base"]
 
diff --git a/packages/monitoring/zarf.yaml b/packages/monitoring/zarf.yaml
index 43dfb62dd2..f968d93b5d 100644
--- a/packages/monitoring/zarf.yaml
+++ b/packages/monitoring/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "UDS Core Monitoring (Prometheus and Grafana)"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.38.0"
+  version: "0.39.0"
   # x-release-please-end
   x-uds-dependencies: ["base", "identity-authorization"]
 
diff --git a/packages/runtime-security/zarf.yaml b/packages/runtime-security/zarf.yaml
index 4031ad932c..865e8f456c 100644
--- a/packages/runtime-security/zarf.yaml
+++ b/packages/runtime-security/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "UDS Core (Runtime Security)"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.38.0"
+  version: "0.39.0"
   # x-release-please-end
   x-uds-dependencies: ["base", "identity-authorization"]
 
diff --git a/packages/standard/zarf.yaml b/packages/standard/zarf.yaml
index 9f80f41c92..2bd465cb92 100644
--- a/packages/standard/zarf.yaml
+++ b/packages/standard/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "UDS Core"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.38.0"
+  version: "0.39.0"
   # x-release-please-end
 
 components:
diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml
index 2727a5dee6..8906939652 100644
--- a/tasks/deploy.yaml
+++ b/tasks/deploy.yaml
@@ -8,7 +8,7 @@ variables:
   - name: VERSION
     description: "The version of the packages to deploy"
     # x-release-please-start-version
-    default: "0.38.0"
+    default: "0.39.0"
     # x-release-please-end
   - name: FLAVOR
     default: upstream
diff --git a/tasks/publish.yaml b/tasks/publish.yaml
index ec593425db..40de7cf605 100644
--- a/tasks/publish.yaml
+++ b/tasks/publish.yaml
@@ -16,7 +16,7 @@ variables:
   - name: VERSION
     description: "The version of the packages to build"
     # x-release-please-start-version
-    default: "0.38.0"
+    default: "0.39.0"
     # x-release-please-end
 
   - name: LAYER