diff --git a/sonarqube.yaml b/sonarqube.yaml
index ae1a742d0c1..b9e770a8111 100644
--- a/sonarqube.yaml
+++ b/sonarqube.yaml
@@ -1,7 +1,7 @@
 package:
 name: sonarqube
 version: "25.7.0.110598"
- epoch: 0
+ epoch: 1
 description: SonarQube is an open source platform for continuous inspection of code quality (Community Build)
 copyright:
 - license: LGPL-3.0-or-later
@@ -42,6 +42,8 @@ pipeline:
 tag: ${{package.version}}
 expected-commit: 015eb1ed5885f7618f674dbf2321871de0f761fb
+ - uses: maven/pombump
+
 - uses: patch
 with:
 patches: GHSA-hq9p-pm7w-8p54-remediation.patch
diff --git a/sonarqube/pombump-deps.yaml b/sonarqube/pombump-deps.yaml
new file mode 100644
index 00000000000..ccfca98f859
--- /dev/null
+++ b/sonarqube/pombump-deps.yaml
@@ -0,0 +1,4 @@
+patches:
+ - groupId: org.apache.commons
+ artifactId: commons-lang3
+ version: 3.18.0
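Review bot: The `- uses: maven/pombump` step added in the second hunk of sonarqube.yaml has no `with:` block and no comment, so the manifest does not say which POM it rewrites or that its input is the new sonarqube/pombump-deps.yaml; it relies entirely on the pipeline's defaults. It is also placed before the existing `patch` step, so if GHSA-hq9p-pm7w-8p54-remediation.patch touches the same build file its context may no longer match; the patch content is not visible here, so that needs confirming. I would add a comment above the step, for example `# Overrides dependency versions from pombump-deps.yaml (commons-lang3)`. The pipeline list starts and continues outside the hunk.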
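Review bot: The new sonarqube/pombump-deps.yaml pins commons-lang3 to 3.18.0 without recording why, whereas the neighbouring patch step carries its advisory id in the file name. A leading comment such as `# <advisory-id>: commons-lang3 raised to the fixed release` (placeholder id, the page does not give one) would tell a later maintainer when the override can be dropped. A POM-level override does not necessarily replace copies of the library that arrive bundled or shaded inside other artifacts, so the built package should be checked for the commons-lang3 jar version that actually ships. Quoting the value as `version: "3.18.0"` would also match the quoted `version` in sonarqube.yaml.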