diff --git a/ironic-image/Dockerfile b/ironic-image/Dockerfile
index b137d4f..671f1f5 100644
--- a/ironic-image/Dockerfile
+++ b/ironic-image/Dockerfile
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.3
-#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.3-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.4
+#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.4-%RELEASE%
 
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -41,8 +41,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opencontainers.image.version="29.0.4.3"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.3-%RELEASE%"
+LABEL org.opencontainers.image.version="29.0.4.4"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.4-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
diff --git a/ironic-image/ironic-config/apache2-vmedia.conf.j2 b/ironic-image/ironic-config/apache2-vmedia.conf.j2
index 2301717..3abb7c4 100644
--- a/ironic-image/ironic-config/apache2-vmedia.conf.j2
+++ b/ironic-image/ironic-config/apache2-vmedia.conf.j2
@@ -11,6 +11,19 @@ Listen [::]:{{ env.VMEDIA_TLS_PORT }}
     SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }}
     SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}
 
+    {% if "IRONIC_VMEDIA_TLS_12_CIPHERS" in env and env.IRONIC_VMEDIA_TLS_12_CIPHERS %}
+    SSLCipherSuite {{ env.IRONIC_VMEDIA_TLS_12_CIPHERS }}
+    {% endif %}
+    {% if "IRONIC_VMEDIA_TLS_13_CIPHERS" in env and env.IRONIC_VMEDIA_TLS_13_CIPHERS %}
+    SSLCipherSuite TLSv1.3 {{ env.IRONIC_VMEDIA_TLS_13_CIPHERS }}
+    {% endif %}
+    {% if "IRONIC_VMEDIA_CURVES" in env and env.IRONIC_VMEDIA_CURVES %}
+    SSLOpenSSLConfCmd Curves {{ env.IRONIC_VMEDIA_CURVES }}
+    {% endif %}
+    {% if env.IRONIC_VMEDIA_TLS_ENFORCE_SERVER_CIPHER_ORDER | lower == "true" %}
+    SSLHonorCipherOrder on
+    {% endif %}
+
     <Directory "/shared/html/">
         Options Indexes FollowSymLinks
         AllowOverride None
diff --git a/ironic-ipa-downloader-image/Dockerfile b/ironic-ipa-downloader-image/Dockerfile
index 485db0e..08909e2 100644
--- a/ironic-ipa-downloader-image/Dockerfile
+++ b/ironic-ipa-downloader-image/Dockerfile
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.9
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.9-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.10
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -18,11 +18,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
 LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="3.0.9"
+LABEL org.opencontainers.image.version="3.0.10"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
diff --git a/ironic-ipa-downloader-image/Dockerfile.aarch64 b/ironic-ipa-downloader-image/Dockerfile.aarch64
index 38d7eb7..6f47548 100644
--- a/ironic-ipa-downloader-image/Dockerfile.aarch64
+++ b/ironic-ipa-downloader-image/Dockerfile.aarch64
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.9
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.9-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.10
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.10-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -18,11 +18,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
 LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="3.0.9"
+LABEL org.opencontainers.image.version="3.0.10"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
diff --git a/ironic-ipa-downloader-image/Dockerfile.x86_64 b/ironic-ipa-downloader-image/Dockerfile.x86_64
index ad94c15..619cbeb 100644
--- a/ironic-ipa-downloader-image/Dockerfile.x86_64
+++ b/ironic-ipa-downloader-image/Dockerfile.x86_64
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.9
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.9-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.10
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.10-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -18,11 +18,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
 LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="3.0.9"
+LABEL org.opencontainers.image.version="3.0.10"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
diff --git a/ironic-ipa-ramdisk/config.sh b/ironic-ipa-ramdisk/config.sh
index 8d2226f..c188274 100644
--- a/ironic-ipa-ramdisk/config.sh
+++ b/ironic-ipa-ramdisk/config.sh
@@ -16,7 +16,7 @@ baseSetupBuildDay
 #==========================================
 # remove unneded kernel files
 #------------------------------------------
-suseStripKernel
+#suseStripKernel
 baseStripLocales en_US.utf-8 C.utf8
 
 #======================================
diff --git a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
index 9104d46..454b163 100644
--- a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
+++ b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
@@ -28,68 +28,6 @@
       <source path="dir:///.build.binaries"/>
     </repository>
 
-    <drivers>
-        <file name="crypto/*"/>
-        <file name="drivers/acpi/*"/>
-        <file name="drivers/acpi/dock.ko"/>
-        <file name="drivers/ata/*"/>
-        <file name="drivers/block/brd.ko"/>
-        <file name="drivers/block/cciss.ko"/>
-        <file name="drivers/block/loop.ko"/>
-        <file name="drivers/block/virtio_blk.ko"/>
-        <file name="drivers/cdrom/*"/>
-        <file name="drivers/char/hw_random/virtio-rng.ko"/>
-        <file name="drivers/char/lp.ko"/>
-        <file name="drivers/char/ipmi/*"/>
-        <file name="drivers/firmware/iscsi_ibft.ko"/>
-        <file name="drivers/firmware/edd.ko"/>
-        <file name="drivers/gpu/drm/*"/>
-        <file name="drivers/hid/*"/>
-        <file name="drivers/hv/*"/>
-        <file name="drivers/hwmon/*"/>
-        <file name="drivers/ide/*"/>
-        <file name="drivers/input/keyboard/*"/>
-        <file name="drivers/input/mouse/*"/>
-        <file name="drivers/md/*"/>
-        <file name="drivers/message/fusion/*"/>
-        <file name="drivers/misc/hpilo.ko"/>
-        <file name="drivers/net/*"/>
-        <file name="drivers/parport/*"/>
-        <file name="drivers/scsi/*"/>
-        <file name="drivers/staging/hv/*"/>
-        <file name="drivers/target/*"/>
-        <file name="drivers/thermal/*"/>
-        <file name="drivers/usb/*"/>
-        <file name="drivers/virtio/*"/>
-        <file name="fs/binfmt_aout.ko"/>
-        <file name="fs/binfmt_misc.ko"/>
-        <file name="fs/overlayfs/*"/>
-        <file name="fs/btrfs/*"/>
-        <file name="fs/exportfs/*"/>
-        <file name="fs/ext4/*"/>
-        <file name="fs/fat/*"/>
-        <file name="fs/fuse/*"/>
-        <file name="fs/hfs/*"/>
-        <file name="fs/jbd2/*"/>
-        <file name="fs/nfs/*"/>
-        <file name="fs/mbcache.ko"/>
-        <file name="fs/nls/nls_cp437.ko"/>
-        <file name="fs/nls/nls_iso8859-1.ko"/>
-        <file name="fs/nls/nls_utf8.ko"/>
-        <file name="fs/quota_v1.ko"/>
-        <file name="fs/quota_v2.ko"/>
-        <file name="fs/squashfs/*"/>
-        <file name="fs/udf/*"/>
-        <file name="fs/vfat/*"/>
-        <file name="fs/xfs/*"/>
-        <file name="fs/isofs/*"/>
-        <file name="lib/crc-t10dif.ko"/>
-        <file name="lib/crc16.ko"/>
-        <file name="lib/libcrc32c.ko"/>
-        <file name="lib/zlib_deflate/zlib_deflate.ko"/>
-        <file name="net/packet/*"/>
-    </drivers>
-
     <packages type="delete">
         <package name="gpg2"/>
         <package name="libcairo2"/>
diff --git a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
index d244cd7..e398255 100644
--- a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
+++ b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
@@ -19,7 +19,7 @@
 
 
 Name:           ironic-ipa-ramdisk
-Version:        3.0.7
+Version:        3.0.8
 Release:        0
 Summary:        Kernel and ramdisk image for OpenStack Ironic
 License:        SUSE-EULA
diff --git a/metal3-chart/Chart.yaml b/metal3-chart/Chart.yaml
index b7f9e47..4e44b0a 100644
--- a/metal3-chart/Chart.yaml
+++ b/metal3-chart/Chart.yaml
@@ -1,7 +1,7 @@
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.16_up0.12.6
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.16_up0.12.6-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.19_up0.12.9
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.19_up0.12.9-%RELEASE%
 apiVersion: v2
-appVersion: 0.12.6
+appVersion: 0.12.9
 dependencies:
 - alias: metal3-baremetal-operator
   name: baremetal-operator
@@ -10,7 +10,7 @@ dependencies:
 - alias: metal3-ironic
   name: ironic
   repository: file://./charts/ironic
-  version: 0.11.4
+  version: 0.11.6
 - alias: metal3-mariadb
   condition: global.enable_mariadb
   name: mariadb
@@ -20,9 +20,9 @@ dependencies:
   condition: global.enable_metal3_media_server
   name: media
   repository: file://./charts/media
-  version: 0.6.6
+  version: 0.7.1
 description: A Helm chart that installs all of the dependencies needed for Metal3
 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
 name: metal3
 type: application
-version: "%%CHART_MAJOR%%.0.16+up0.12.6"
+version: "%%CHART_MAJOR%%.0.19+up0.12.9"
diff --git a/metal3-chart/charts/ironic/Chart.yaml b/metal3-chart/charts/ironic/Chart.yaml
index cf64357..5b8d3a8 100644
--- a/metal3-chart/charts/ironic/Chart.yaml
+++ b/metal3-chart/charts/ironic/Chart.yaml
@@ -3,4 +3,4 @@ appVersion: 29.0.4
 description: A Helm chart for Ironic, used by Metal3
 name: ironic
 type: application
-version: 0.11.4
+version: 0.11.6
diff --git a/metal3-chart/charts/ironic/templates/configmap.yaml b/metal3-chart/charts/ironic/templates/configmap.yaml
index f46830b..58912b4 100644
--- a/metal3-chart/charts/ironic/templates/configmap.yaml
+++ b/metal3-chart/charts/ironic/templates/configmap.yaml
@@ -52,3 +52,6 @@ data:
   {{- else }}
   IRONIC_USE_MARIADB: "false"
   {{- end }}
+  {{- with .Values.ironicExtraEnv -}}
+  {{ toYaml . | nindent 2 }}  
+  {{- end -}}
\ No newline at end of file
diff --git a/metal3-chart/charts/ironic/values.yaml b/metal3-chart/charts/ironic/values.yaml
index 4f0aa74..f5390c7 100644
--- a/metal3-chart/charts/ironic/values.yaml
+++ b/metal3-chart/charts/ironic/values.yaml
@@ -64,11 +64,11 @@ images:
   ironic:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
     pullPolicy: IfNotPresent
-    tag: 29.0.4.3
+    tag: 29.0.4.4
   ironicIPADownloader:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
     pullPolicy: IfNotPresent
-    tag: 3.0.9
+    tag: 3.0.10
 
 nameOverride: ""
 fullnameOverride: ""
@@ -138,6 +138,8 @@ baremetaloperator:
 debug:
   ironicRamdiskSshKey: ""
 
+ironicExtraEnv: {}
+
 tlscerts:
   cacert: ""
   key: ""
diff --git a/metal3-chart/charts/media/Chart.yaml b/metal3-chart/charts/media/Chart.yaml
index 283fa6f..5f74cd3 100644
--- a/metal3-chart/charts/media/Chart.yaml
+++ b/metal3-chart/charts/media/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 1.16.0
+appVersion: 1.21.0
 description: A Helm chart for Media, used by Metal3
 name: media
 type: application
-version: 0.6.6
+version: 0.7.1
diff --git a/metal3-chart/charts/media/templates/deployment.yaml b/metal3-chart/charts/media/templates/deployment.yaml
index 9dccd57..f41513a 100644
--- a/metal3-chart/charts/media/templates/deployment.yaml
+++ b/metal3-chart/charts/media/templates/deployment.yaml
@@ -34,13 +34,9 @@ spec:
       {{- end }}
       containers:
         - name: {{ .Chart.Name }}
-          command:
-          - /usr/sbin/httpd
-          args:
-          - -DFOREGROUND
           securityContext:
             {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           ports:
             - name: http
diff --git a/metal3-chart/charts/media/values.yaml b/metal3-chart/charts/media/values.yaml
index efa8c21..eff908a 100644
--- a/metal3-chart/charts/media/values.yaml
+++ b/metal3-chart/charts/media/values.yaml
@@ -22,9 +22,9 @@ global:
 replicaCount: 1
 
 image:
-  repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
+  repository: registry.suse.com/suse/nginx
   pullPolicy: IfNotPresent
-  tag: 29.0.4.2
+  tag: 1.21
 
 imagePullSecrets: []
 nameOverride: ""
@@ -42,8 +42,8 @@ serviceAccount:
 podAnnotations: {}
 
 podSecurityContext:
-  runAsUser: 10475
-  fsGroup: 10475
+  runAsUser: 499
+  fsGroup: 486
 
 securityContext:
   allowPrivilegeEscalation: false
@@ -102,11 +102,16 @@ volumes:
   - name: assets
     persistentVolumeClaim:
       claimName: media
+  - name: run
+    emptyDir:
+      sizeLimit: 10Mi
 
 # volume mounts
 volumeMounts:
   - mountPath: /srv/www/htdocs
     name: assets
+  - mountPath: /run
+    name: run
 
 # media volume settings
 mediaVolume:
diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml
index 9f86aa8..95a0ab4 100644
--- a/release-manifest-image/release_manifest.yaml
+++ b/release-manifest-image/release_manifest.yaml
@@ -171,7 +171,7 @@ spec:
         - prettyName: Metal3
           releaseName: metal3
           chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metal3'
-          version: '%%CHART_MAJOR%%.0.16+up0.12.6'
+          version: '%%CHART_MAJOR%%.0.19+up0.12.9'
         - prettyName: RancherTurtles
           releaseName: rancher-turtles
           chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles'