diff --git a/.github/bundles/aks/uds-bundle.yaml b/.github/bundles/aks/uds-bundle.yaml
index 147f9d4734..9dea7b587f 100644
--- a/.github/bundles/aks/uds-bundle.yaml
+++ b/.github/bundles/aks/uds-bundle.yaml
@@ -6,7 +6,7 @@ metadata:
   name: uds-core-aks-nightly
   description: A UDS bundle for deploying UDS Core on AKS
   # x-release-please-start-version
-  version: "0.39.0"
+  version: "0.40.0"
   # x-release-please-end
 
 packages:
@@ -17,7 +17,7 @@ packages:
   - name: core
     path: ../../../build
     # x-release-please-start-version
-    ref: 0.39.0
+    ref: 0.40.0
     # x-release-please-end
     overrides:
       istio-admin-gateway:
diff --git a/.github/bundles/eks/uds-bundle.yaml b/.github/bundles/eks/uds-bundle.yaml
index e0b16d69bb..b35b24b74f 100644
--- a/.github/bundles/eks/uds-bundle.yaml
+++ b/.github/bundles/eks/uds-bundle.yaml
@@ -6,7 +6,7 @@ metadata:
   name: uds-core-eks-nightly
   description: A UDS bundle for deploying EKS and UDS Core
   # x-release-please-start-version
-  version: "0.39.0"
+  version: "0.40.0"
   # x-release-please-end
 
 packages:
@@ -17,7 +17,7 @@ packages:
   - name: core
     path: ../../../build
     # x-release-please-start-version
-    ref: 0.39.0
+    ref: 0.40.0
     # x-release-please-end
     optionalComponents:
       - metrics-server # note: metrics-server is not available as an EKS addon in govcloud
diff --git a/.github/bundles/rke2/uds-bundle.yaml b/.github/bundles/rke2/uds-bundle.yaml
index 1eb4e6827a..af7eb6c5ae 100644
--- a/.github/bundles/rke2/uds-bundle.yaml
+++ b/.github/bundles/rke2/uds-bundle.yaml
@@ -6,7 +6,7 @@ metadata:
   name: uds-core-rke2-nightly
   description: A UDS bundle for deploying RKE2 and UDS Core
   # x-release-please-start-version
-  version: "0.39.0"
+  version: "0.40.0"
   # x-release-please-end
 
 packages:
@@ -38,7 +38,7 @@ packages:
   - name: core
     path: ../../../build
     # x-release-please-start-version
-    ref: 0.39.0
+    ref: 0.40.0
     # x-release-please-end
     optionalComponents:
       - metrics-server
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
index e0fa6379af..18a9bb1750 100644
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -1,3 +1,3 @@
 {
-    ".": "0.39.0"
+    ".": "0.40.0"
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 25c2b0ee96..e34c1dc740 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,66 @@
 
 All notable changes to this project will be documented in this file.
 
+## [0.40.0](https://github.com/defenseunicorns/uds-core/compare/v0.39.0...v0.40.0) (2025-04-14)
+
+
+### ⚠ BREAKING CHANGES
+
+* ServiceMonitors and PodMonitors no longer require TLS configuration for Istio, and may fail to scrape metrics if TLS configuration is present. The UDS Operator will handle removing this configuration from monitors in most cases, but may not update your monitor if TLS configuration was directly added separate from the Operator's mutations. In addition, the `istio-certs` and `exempt` scrape classes are no longer supplied as part of the Prometheus setup and should not be set on your monitoring resources going forward.
+* `Package` CR validation will now prevent creating multiple `Package` CRs in the same namespace. Ensure that you only have a single `Package` CR per namespace before this upgrade, otherwise you may be unable to update them going forward.
+* Istio Ambient workloads are now included by default with UDS Core. These workloads are now part of the `istio-controlplane` component (previously part of the optional `istio-ambient` component) - any override values/configuration should target this component instead of `istio-ambient`.
+* Theming configuration for removing additional registration fields has moved under the `themeCustomizations` values (`settings.enableRegistrationFields`). If overriding `DISABLE_REGISTRATION_FIELDS` under `realmInitEnv`, you will need to switch to this new value.
+
+### Features
+
+* add serviceMesh.mode in Package CR ([#1386](https://github.com/defenseunicorns/uds-core/issues/1386)) ([7e50b5d](https://github.com/defenseunicorns/uds-core/commit/7e50b5d591a93e1c6117f52d45f48b37950ef3f1))
+* escape slashes in Keycloak Group names ([#1433](https://github.com/defenseunicorns/uds-core/issues/1433)) ([6b6be2d](https://github.com/defenseunicorns/uds-core/commit/6b6be2d66f64b80b3ac3e5389c1a5f7c1c5b2e99))
+* make istio ambient components default in uds core ([#1428](https://github.com/defenseunicorns/uds-core/issues/1428)) ([32d2752](https://github.com/defenseunicorns/uds-core/commit/32d275223c4e4ad305ab6a8e3f902133743fc1c0))
+* only allow creation of one `UDSPackage` per namespace ([#1372](https://github.com/defenseunicorns/uds-core/issues/1372)) ([2f4dbac](https://github.com/defenseunicorns/uds-core/commit/2f4dbac60ee17afe07a4ce62f96285a0e0f04e47))
+* opt prometheus stack into ambient ([#1445](https://github.com/defenseunicorns/uds-core/issues/1445)) ([793ccb8](https://github.com/defenseunicorns/uds-core/commit/793ccb87642bad0062cdd92de65f319829aa7001))
+* recovering lost Keycloak credentials ([#1410](https://github.com/defenseunicorns/uds-core/issues/1410)) ([0f3b536](https://github.com/defenseunicorns/uds-core/commit/0f3b536015ae28e153956bdd26989be33257b7e5))
+* task cleanup for Keycloak ([#1448](https://github.com/defenseunicorns/uds-core/issues/1448)) ([5af6f2b](https://github.com/defenseunicorns/uds-core/commit/5af6f2b0bf0eecda021800693e4c8ba11e0c1d45))
+
+
+### Bug Fixes
+
+* authpol remoteserviceaccount enablement ([#1415](https://github.com/defenseunicorns/uds-core/issues/1415)) ([c6ae565](https://github.com/defenseunicorns/uds-core/commit/c6ae565bbaf2b958ccf01a1e292ee9038bef7f5f))
+* conditional pepr build in tasks ([#1414](https://github.com/defenseunicorns/uds-core/issues/1414)) ([ea75df2](https://github.com/defenseunicorns/uds-core/commit/ea75df2ad409ff48f9859aeb848c8af2df2434d6))
+* make exemptions conditional for `dev-setup` ([#1442](https://github.com/defenseunicorns/uds-core/issues/1442)) ([4d7b471](https://github.com/defenseunicorns/uds-core/commit/4d7b471c1c15622871ecd537710c6096317f148e))
+* move disable registration fields to theme values ([#1397](https://github.com/defenseunicorns/uds-core/issues/1397)) ([61c67f0](https://github.com/defenseunicorns/uds-core/commit/61c67f0731734b92e96842163f48a7319d3b2156))
+* remove flavor from dev deploy of prom CRDs task ([#1419](https://github.com/defenseunicorns/uds-core/issues/1419)) ([10c9ff2](https://github.com/defenseunicorns/uds-core/commit/10c9ff23b74c8f22e47e53767ea963368d7f381d))
+
+
+### Miscellaneous
+
+* **ci:** add e2e tests for cloud distros ([#1259](https://github.com/defenseunicorns/uds-core/issues/1259)) ([b116a96](https://github.com/defenseunicorns/uds-core/commit/b116a96359406f80d5ea4347d78bd77c14c4ea5a))
+* **deps:** update istio to v1.25.1 ([#1387](https://github.com/defenseunicorns/uds-core/issues/1387)) ([c538ef4](https://github.com/defenseunicorns/uds-core/commit/c538ef4a5671f8157880422cd88baa8e304f4f9b))
+* **deps:** update loki ([#1349](https://github.com/defenseunicorns/uds-core/issues/1349)) ([f087f55](https://github.com/defenseunicorns/uds-core/commit/f087f55b64cd13578e9b9d1c652ae69ca1a0c694))
+* **deps:** update loki to v3.4.3 ([#1426](https://github.com/defenseunicorns/uds-core/issues/1426)) ([cc7fbd1](https://github.com/defenseunicorns/uds-core/commit/cc7fbd198fa429e8dd48fafa61bca8cf8742b480))
+* **deps:** update neuvector to 5.4.3 ([#1368](https://github.com/defenseunicorns/uds-core/issues/1368)) ([6c4b44e](https://github.com/defenseunicorns/uds-core/commit/6c4b44e969aa633726f0ed70f2e5ccf7c88dcc9b))
+* **deps:** update prometheus-stack ([#1402](https://github.com/defenseunicorns/uds-core/issues/1402)) ([707b07d](https://github.com/defenseunicorns/uds-core/commit/707b07d4f17a872859c77cf9480433f277a006fa))
+* **deps:** update support dependencies to v3.28.14 ([#1435](https://github.com/defenseunicorns/uds-core/issues/1435)) ([d29d1b5](https://github.com/defenseunicorns/uds-core/commit/d29d1b5abfe484747631b53b7475af83fa7946d0))
+* **deps:** update support dependencies to v3.28.15 ([#1441](https://github.com/defenseunicorns/uds-core/issues/1441)) ([1e7ebce](https://github.com/defenseunicorns/uds-core/commit/1e7ebce255256c3b3bb7a5407acdd43473fb918f))
+* **deps:** update support dependencies to v3.4.8 ([#1450](https://github.com/defenseunicorns/uds-core/issues/1450)) ([598242b](https://github.com/defenseunicorns/uds-core/commit/598242bdcc77f164d124459a169729905d933394))
+* **deps:** update support dependencies to v4.6.1 ([#1451](https://github.com/defenseunicorns/uds-core/issues/1451)) ([efb22ab](https://github.com/defenseunicorns/uds-core/commit/efb22ab920b1972a0bfe0d3deb220ad80c2a040c))
+* **deps:** update support-deps ([#1409](https://github.com/defenseunicorns/uds-core/issues/1409)) ([d1ade16](https://github.com/defenseunicorns/uds-core/commit/d1ade16d282b78f1dd35b9ced2a4979672f534a1))
+* **deps:** update support-deps ([#1418](https://github.com/defenseunicorns/uds-core/issues/1418)) ([0eecf5f](https://github.com/defenseunicorns/uds-core/commit/0eecf5ff47d0b1388f99261b24f0e919db9b7829))
+* **deps:** update support-deps ([#1425](https://github.com/defenseunicorns/uds-core/issues/1425)) ([9b6f681](https://github.com/defenseunicorns/uds-core/commit/9b6f6812042aa5345efc69c7242922c0014ae867))
+* **deps:** update support-deps ([#1443](https://github.com/defenseunicorns/uds-core/issues/1443)) ([05def89](https://github.com/defenseunicorns/uds-core/commit/05def890049a4cb33e19634f93f08bed008cb09f))
+* **deps:** update support-deps ([#1455](https://github.com/defenseunicorns/uds-core/issues/1455)) ([ccd72cf](https://github.com/defenseunicorns/uds-core/commit/ccd72cf1191a507887fe593d1c962f9af4fd0acd))
+* **deps:** update vector ([#1444](https://github.com/defenseunicorns/uds-core/issues/1444)) ([d36014d](https://github.com/defenseunicorns/uds-core/commit/d36014ddbfcb90844e0bf984b3fa5ab8b0e33c96))
+* **deps:** update velero to v8.7.1 ([#1391](https://github.com/defenseunicorns/uds-core/issues/1391)) ([ea4ed0f](https://github.com/defenseunicorns/uds-core/commit/ea4ed0fe7aa2282ed6aeec397432f14790461cb9))
+* **docs:** fix order of authpols doc ([#1408](https://github.com/defenseunicorns/uds-core/issues/1408)) ([ee55ab1](https://github.com/defenseunicorns/uds-core/commit/ee55ab10091f1ef150bc1050b19ca8ec494deaa8))
+* prefer `===` for comparisons ([#1412](https://github.com/defenseunicorns/uds-core/issues/1412)) ([6963633](https://github.com/defenseunicorns/uds-core/commit/696363385bfc569c79688364ad16d03aae852117))
+* reduce sidecar cpu/memory requests for CI single-layer testing ([#1459](https://github.com/defenseunicorns/uds-core/issues/1459)) ([cc8c405](https://github.com/defenseunicorns/uds-core/commit/cc8c405af6ce2db0d98b3e9bded66904e9e550fd))
+* remove watch and conditional logic around ambient component ([#1447](https://github.com/defenseunicorns/uds-core/issues/1447)) ([d519af3](https://github.com/defenseunicorns/uds-core/commit/d519af3d9f90980dfcaa90eed0ecf98cec089111))
+* update changelog ([#1406](https://github.com/defenseunicorns/uds-core/issues/1406)) ([4239d95](https://github.com/defenseunicorns/uds-core/commit/4239d958744408d47c93021d4d5937b426d36db9))
+
+
+### Documentation
+
+* fix Velero doc link path ([#1456](https://github.com/defenseunicorns/uds-core/issues/1456)) ([01cea57](https://github.com/defenseunicorns/uds-core/commit/01cea5729d3e600e23f04ef131939e3f87983090))
+
 ## [0.39.0](https://github.com/defenseunicorns/uds-core/compare/v0.38.0...v0.39.0) (2025-04-01)
 
 
diff --git a/README.md b/README.md
index a5a5ead266..c65daa9f0d 100644
--- a/README.md
+++ b/README.md
@@ -55,7 +55,7 @@ If you want to try out UDS Core, you can use the [k3d-core-demo bundle](./bundle
 <!-- x-release-please-start-version -->
 
 ```bash
-uds deploy k3d-core-demo:0.39.0
+uds deploy k3d-core-demo:0.40.0
 ```
 
 <!-- x-release-please-end -->
@@ -69,7 +69,7 @@ Deploy Istio, Keycloak and Pepr:
 <!-- x-release-please-start-version -->
 
 ```bash
-uds deploy k3d-core-slim-dev:0.39.0
+uds deploy k3d-core-slim-dev:0.40.0
 ```
 
 <!-- x-release-please-end -->
diff --git a/bundles/k3d-slim-dev/uds-bundle.yaml b/bundles/k3d-slim-dev/uds-bundle.yaml
index ae64219083..38d753209b 100644
--- a/bundles/k3d-slim-dev/uds-bundle.yaml
+++ b/bundles/k3d-slim-dev/uds-bundle.yaml
@@ -7,7 +7,7 @@ metadata:
   name: k3d-core-slim-dev
   description: A UDS bundle for deploying Istio from UDS Core on a development cluster
   # x-release-please-start-version
-  version: "0.39.0"
+  version: "0.40.0"
   # x-release-please-end
 
 packages:
@@ -38,7 +38,7 @@ packages:
   - name: core-base
     path: ../../build/
     # x-release-please-start-version
-    ref: 0.39.0
+    ref: 0.40.0
     # x-release-please-end
     overrides:
       pepr-uds-core:
@@ -120,7 +120,7 @@ packages:
   - name: core-identity-authorization
     path: ../../build/
     # x-release-please-start-version
-    ref: 0.39.0
+    ref: 0.40.0
     # x-release-please-end
     overrides:
       keycloak:
diff --git a/bundles/k3d-standard/uds-bundle.yaml b/bundles/k3d-standard/uds-bundle.yaml
index 2233f19239..3e93b6cb70 100644
--- a/bundles/k3d-standard/uds-bundle.yaml
+++ b/bundles/k3d-standard/uds-bundle.yaml
@@ -6,7 +6,7 @@ metadata:
   name: k3d-core-demo
   description: A UDS bundle for deploying the standard UDS Core package on a development cluster
   # x-release-please-start-version
-  version: "0.39.0"
+  version: "0.40.0"
   # x-release-please-end
 
 packages:
@@ -37,7 +37,7 @@ packages:
   - name: core
     path: ../../build/
     # x-release-please-start-version
-    ref: 0.39.0
+    ref: 0.40.0
     # x-release-please-end
     optionalComponents:
       - istio-passthrough-gateway
diff --git a/packages/backup-restore/zarf.yaml b/packages/backup-restore/zarf.yaml
index fdefbdf759..86d2cb3ac9 100644
--- a/packages/backup-restore/zarf.yaml
+++ b/packages/backup-restore/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "UDS Core (Backup and Restore)"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.39.0"
+  version: "0.40.0"
   # x-release-please-end
   x-uds-dependencies: ["base"]
 
diff --git a/packages/base/zarf.yaml b/packages/base/zarf.yaml
index 9186e93e24..2bc007a988 100644
--- a/packages/base/zarf.yaml
+++ b/packages/base/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "UDS Core (Base)"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.39.0"
+  version: "0.40.0"
   # x-release-please-end
   x-uds-dependencies: []
 
diff --git a/packages/checkpoint-dev/zarf.yaml b/packages/checkpoint-dev/zarf.yaml
index 58bfaf1d27..27e77b43de 100644
--- a/packages/checkpoint-dev/zarf.yaml
+++ b/packages/checkpoint-dev/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "Rehydratable UDS K3d + UDS Core Slim (Istio, UDS Operator and Keycloak) Checkpoint"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.39.0"
+  version: "0.40.0"
   # x-release-please-end
 
 variables:
diff --git a/packages/identity-authorization/zarf.yaml b/packages/identity-authorization/zarf.yaml
index 41f4cda599..e82c299509 100644
--- a/packages/identity-authorization/zarf.yaml
+++ b/packages/identity-authorization/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "UDS Core (Identity & Authorization)"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.39.0"
+  version: "0.40.0"
   # x-release-please-end
   x-uds-dependencies: ["base"]
 
diff --git a/packages/logging/zarf.yaml b/packages/logging/zarf.yaml
index 2c97ed526c..c3e621b846 100644
--- a/packages/logging/zarf.yaml
+++ b/packages/logging/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "UDS Core (Logging)"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.39.0"
+  version: "0.40.0"
   # x-release-please-end
   x-uds-dependencies: ["base"]
 
diff --git a/packages/metrics-server/zarf.yaml b/packages/metrics-server/zarf.yaml
index 9ad341c597..bc6aeb0cfb 100644
--- a/packages/metrics-server/zarf.yaml
+++ b/packages/metrics-server/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "UDS Core (Metrics Server)"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.39.0"
+  version: "0.40.0"
   # x-release-please-end
   x-uds-dependencies: ["base"]
 
diff --git a/packages/monitoring/zarf.yaml b/packages/monitoring/zarf.yaml
index f968d93b5d..d9713b9ea8 100644
--- a/packages/monitoring/zarf.yaml
+++ b/packages/monitoring/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "UDS Core Monitoring (Prometheus and Grafana)"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.39.0"
+  version: "0.40.0"
   # x-release-please-end
   x-uds-dependencies: ["base", "identity-authorization"]
 
diff --git a/packages/runtime-security/zarf.yaml b/packages/runtime-security/zarf.yaml
index 865e8f456c..a9a7cd7084 100644
--- a/packages/runtime-security/zarf.yaml
+++ b/packages/runtime-security/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "UDS Core (Runtime Security)"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.39.0"
+  version: "0.40.0"
   # x-release-please-end
   x-uds-dependencies: ["base", "identity-authorization"]
 
diff --git a/packages/standard/zarf.yaml b/packages/standard/zarf.yaml
index 1075a4f4c9..54d4c60fd8 100644
--- a/packages/standard/zarf.yaml
+++ b/packages/standard/zarf.yaml
@@ -7,7 +7,7 @@ metadata:
   description: "UDS Core"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.39.0"
+  version: "0.40.0"
   # x-release-please-end
 
 components:
diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml
index bffd42c19d..79045f8e96 100644
--- a/tasks/deploy.yaml
+++ b/tasks/deploy.yaml
@@ -8,7 +8,7 @@ variables:
   - name: VERSION
     description: "The version of the packages to deploy"
     # x-release-please-start-version
-    default: "0.39.0"
+    default: "0.40.0"
     # x-release-please-end
   - name: FLAVOR
     default: upstream
diff --git a/tasks/publish.yaml b/tasks/publish.yaml
index 40de7cf605..8a95f905a2 100644
--- a/tasks/publish.yaml
+++ b/tasks/publish.yaml
@@ -16,7 +16,7 @@ variables:
   - name: VERSION
     description: "The version of the packages to build"
     # x-release-please-start-version
-    default: "0.39.0"
+    default: "0.40.0"
     # x-release-please-end
 
   - name: LAYER