diff --git a/build.gradle b/build.gradle
index 58f8aa4e..b0571825 100644
--- a/build.gradle
+++ b/build.gradle
@@ -171,7 +171,7 @@ def versions = [
 feignHttpClient: '10.2.0',
 gradlePitest: '1.4.5',
 guava: '32.1.2-jre',
- jacksonDatabind: '2.15.2',
+ jacksonDatabind: '2.16.0',
 apacheLogging: '2.20.0',
 jsonAssert: '1.2.3',
 junit: '4.13.1',
@@ -181,7 +181,6 @@ def versions = [
 pitest: '1.7.3',
 powerMock: '2.0.0',
 puppyCrawl: '8.29',
- reformPropertiesVolume: '0.0.4',
 reformsJavaLogging: '5.1.1',
 restAssured: '4.5.1',
 serenity: '2.2.13',
@@ -191,10 +190,10 @@ def versions = [
 spring_security_rsa: '1.0.12.RELEASE',
 springBoot: '2.7.18',
 springCloud: '3.1.6',
- springHateoas: '0.25.1.RELEASE',
+ springHateoas: '1.5.5',
 unirest: '1.4.9',
 wiremockVersion: '2.27.2',
- springSecurityCrypto: '5.7.5',
+ springSecurityCrypto: '5.7.11',
 tomcat : '9.0.83',
 pact_version: '4.1.11',
 httpComponents: '4.5.13',
@@ -205,7 +204,7 @@ def versions = [
 ext["logback.version"] = '1.2.13'
 ext['snakeyaml.version'] = '2.2'
-ext['jackson.version'] = '2.15.2'
+ext['jackson.version'] = '2.16.0'
 ext['spring-framework.version'] = '5.3.27'
@@ -250,7 +249,6 @@ dependencies {
 implementation (group: 'commons-beanutils', name: 'commons-beanutils', version: versions.commonsBeanUtils) { force = true } - implementation (group: 'org.springframework.security', name: 'spring-security-rsa', version: versions.spring_security_rsa) { force = true exclude group: 'org.springframework.security', module: 'spring-security-crypto'
@@ -259,7 +257,6 @@ dependencies {
 implementation group: 'org.springframework.security', name: 'spring-security-crypto', version: versions.springSecurityCrypto
 implementation group: 'org.springframework.boot', name: 'spring-boot-starter-actuator'
- implementation group: 'org.springframework.cloud', name: 'spring-cloud-starter-bootstrap', version: versions.springCloud
 implementation group: 'org.bouncycastle', name: 'bcprov-jdk18on', version: versions.bouncycastle
 implementation group: 'com.github.hmcts', name:'ccd-case-document-am-client', version: versions.ccdCaseDocumentAmClient
@@ -292,7 +289,6 @@ dependencies {
 implementation group: 'uk.gov.hmcts.reform', name: 'logging-appinsights', version: versions.reformsJavaLogging
 implementation group: 'uk.gov.hmcts.reform', name: 'logging-spring', version: versions.reformsJavaLogging
 implementation group: 'uk.gov.hmcts.reform', name: 'logging-httpcomponents', version: versions.reformsJavaLogging
- implementation group: 'uk.gov.hmcts.reform', name: 'properties-volume-spring-boot-starter', version: versions.reformPropertiesVolume
 implementation (group: 'uk.gov.hmcts.reform', name:'service-auth-provider-client', version: versions.serviceTokenGenerator) {
 exclude group: 'io.reactivex', module: 'io.reactivex'
 exclude group: 'io.reactivex', module: 'rxnetty'
diff --git a/charts/prl-dgs/Chart.yaml b/charts/prl-dgs/Chart.yaml
index c0a7b3b8..7904c76b 100644
--- a/charts/prl-dgs/Chart.yaml
+++ b/charts/prl-dgs/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 appVersion: "1.0"
 description: Family Private Law - Document Generator Service
 name: prl-dgs
-version: 0.0.49
+version: 0.0.51
 dependencies:
 - name: java
- version: 5.0.0
+ version: 5.2.0
 repository: "https://hmctspublic.azurecr.io/helm/v1/repo/"
diff --git a/charts/prl-dgs/values.aat.template.yaml b/charts/prl-dgs/values.aat.template.yaml
index f4735819..ee150063 100644
--- a/charts/prl-dgs/values.aat.template.yaml
+++ b/charts/prl-dgs/values.aat.template.yaml
@@ -11,15 +11,25 @@ java:
 prl:
 resourceGroup: prl
 secrets:
- - microservicekey-prl-dgs-api
- - docmosis-api-key
- - launchDarkly-sdk-key
- - AppInsightsInstrumentationKey
- - prl-cos-idam-client-secret
- - test-genericpassword
- - idam-solicitor-username
- - idam-solicitor-password
- - system-update-user-username
- - system-update-user-password
+ - name: microservicekey-prl-dgs-api
+ alias: AUTH_PROVIDER_SERVICE_CLIENT_KEY
+ - name: docmosis-api-key
+ alias: DOCMOSIS_SERVICE_ACCESS_KEY
+ - name: launchDarkly-sdk-key
+ alias: LAUNCH_DARKLY_SDK_KEY
+ - name: AppInsightsInstrumentationKey
+ alias: APP_INSIGHTS_INSTRUMENTATION_KEY
+ - name: prl-cos-idam-client-secret
+ alias: IDAM_CLIENT_SECRET
+ - name: test-genericpassword
+ alias: PRL_GENERIC_PASSWORD
+ - name: idam-solicitor-username
+ alias: IDAM_SOLICITOR_USERNAME
+ - name: idam-solicitor-password
+ alias: IDAM_SOLICITOR_PASSWORD
+ - name: system-update-user-username
+ alias: SYSTEM_UPDATE_USER_USERNAME
+ - name: system-update-user-password
+ alias: PRL_SYSTEM_UPDATE_PASSWORD
 aadIdentityName: prl
diff --git a/charts/prl-dgs/values.preview.template.yaml b/charts/prl-dgs/values.preview.template.yaml
index 8099a2c5..5935225d 100644
--- a/charts/prl-dgs/values.preview.template.yaml
+++ b/charts/prl-dgs/values.preview.template.yaml
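Review bot: The AAT secrets list still ends at `system-update-user-password` and has no `app-insights-connection-string` entry, while the same list in values.preview.template.yaml and values.yaml carries one. Helm replaces a list from an override file wholesale rather than merging it, so if this template overrides the base list, that secret would not be mounted in AAT; the hunk does not show whether that is intended. If it is not, add `- name: app-insights-connection-string` with `alias: app-insights-connection-string` here so the three lists stay in step.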
@@ -6,17 +6,28 @@ java:
 prl:
 resourceGroup: prl
 secrets:
- - microservicekey-prl-dgs-api
- - docmosis-api-key
- - launchDarkly-sdk-key
- - AppInsightsInstrumentationKey
- - prl-cos-idam-client-secret
- - test-genericpassword
- - idam-solicitor-username
- - idam-solicitor-password
- - system-update-user-username
- - system-update-user-password
- - app-insights-connection-string
+ - name: microservicekey-prl-dgs-api
+ alias: AUTH_PROVIDER_SERVICE_CLIENT_KEY
+ - name: docmosis-api-key
+ alias: DOCMOSIS_SERVICE_ACCESS_KEY
+ - name: launchDarkly-sdk-key
+ alias: LAUNCH_DARKLY_SDK_KEY
+ - name: AppInsightsInstrumentationKey
+ alias: APP_INSIGHTS_INSTRUMENTATION_KEY
+ - name: prl-cos-idam-client-secret
+ alias: IDAM_CLIENT_SECRET
+ - name: test-genericpassword
+ alias: PRL_GENERIC_PASSWORD
+ - name: idam-solicitor-username
+ alias: IDAM_SOLICITOR_USERNAME
+ - name: idam-solicitor-password
+ alias: IDAM_SOLICITOR_PASSWORD
+ - name: system-update-user-username
+ alias: SYSTEM_UPDATE_USER_USERNAME
+ - name: system-update-user-password
+ alias: PRL_SYSTEM_UPDATE_PASSWORD
+ - name: app-insights-connection-string
+ alias: app-insights-connection-string
 environment:
 MANAGEMENT_ENDPOINT_HEALTH_CACHE_TIMETOLIVE: "30000"
 DOCMOSIS_SERVICE_DEV_MODE_FLAG: "true"
diff --git a/charts/prl-dgs/values.yaml b/charts/prl-dgs/values.yaml
index ced0bbd6..d95f7cdd 100644
--- a/charts/prl-dgs/values.yaml
+++ b/charts/prl-dgs/values.yaml
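Review bot: The last entry gives `app-insights-connection-string` an alias identical to its name, whereas every other alias is the upper-snake key carried over from the removed bootstrap.yaml `aliases` map. bootstrap.yaml had `prefixed: true` and no alias for this secret, so it was presumably exposed as `prl.app-insights-connection-string`; with the configtree import the key becomes the bare file name, and any `${prl.app-insights-connection-string}` placeholder would stop resolving. Please confirm what reads this secret (a file path or a property) and add a short comment saying why the alias is left unchanged. The same entry appears in the values.yaml hunk.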
@@ -11,17 +11,28 @@ java:
 prl:
 resourceGroup: prl
 secrets:
- - microservicekey-prl-dgs-api
- - docmosis-api-key
- - launchDarkly-sdk-key
- - AppInsightsInstrumentationKey
- - prl-cos-idam-client-secret
- - test-genericpassword
- - idam-solicitor-username
- - idam-solicitor-password
- - system-update-user-username
- - system-update-user-password
- - app-insights-connection-string
+ - name: microservicekey-prl-dgs-api
+ alias: AUTH_PROVIDER_SERVICE_CLIENT_KEY
+ - name: docmosis-api-key
+ alias: DOCMOSIS_SERVICE_ACCESS_KEY
+ - name: launchDarkly-sdk-key
+ alias: LAUNCH_DARKLY_SDK_KEY
+ - name: AppInsightsInstrumentationKey
+ alias: APP_INSIGHTS_INSTRUMENTATION_KEY
+ - name: prl-cos-idam-client-secret
+ alias: IDAM_CLIENT_SECRET
+ - name: test-genericpassword
+ alias: PRL_GENERIC_PASSWORD
+ - name: idam-solicitor-username
+ alias: IDAM_SOLICITOR_USERNAME
+ - name: idam-solicitor-password
+ alias: IDAM_SOLICITOR_PASSWORD
+ - name: system-update-user-username
+ alias: SYSTEM_UPDATE_USER_USERNAME
+ - name: system-update-user-password
+ alias: PRL_SYSTEM_UPDATE_PASSWORD
+ - name: app-insights-connection-string
+ alias: app-insights-connection-string
 environment:
 AUTH_PROVIDER_SERVICE_CLIENT_BASEURL: "http://rpe-service-auth-provider-{{ .Values.global.environment }}.service.core-compute-{{ .Values.global.environment }}.internal"
 IDAM_S2S_URL: "http://rpe-service-auth-provider-{{ .Values.global.environment }}.service.core-compute-{{ .Values.global.environment }}.internal"
diff --git a/config/owasp/suppressions.xml b/config/owasp/suppressions.xml
index 5c402b70..fbf9371b 100644
--- a/config/owasp/suppressions.xml
+++ b/config/owasp/suppressions.xml
@@ -1,63 +1,3 @@
- - - CVE-2022-33915 - - - - CVE-2022-34305 - - - - CVE-2023-41080 - - - - CVE-2016-1000027 - - - - CVE-2023-35116 - CVE-2022-45688 - - - - CVE-2023-42794 - CVE-2023-42795 - CVE-2023-45648 - - - - CVE-2023-42794 - CVE-2023-42795 - CVE-2023-45648 - - - - CVE-2023-34034 - CVE-2023-20862 - - - - ^pkg:maven/org\.springframework\.hateoas/spring\-hateoas@.*$ - CVE-2023-34036 - - - temporary> - CVE-2023-45648 - CVE-2023-42795 - CVE-2023-44487 - CVE-2023-5072 - CVE-2023-42794 -
diff --git a/src/main/java/uk/gov/hmcts/reform/prl/documentgenerator/config/HttpConnectionConfiguration.java b/src/main/java/uk/gov/hmcts/reform/prl/documentgenerator/config/HttpConnectionConfiguration.java
index 9507123f..60ec016a 100644
--- a/src/main/java/uk/gov/hmcts/reform/prl/documentgenerator/config/HttpConnectionConfiguration.java
+++ b/src/main/java/uk/gov/hmcts/reform/prl/documentgenerator/config/HttpConnectionConfiguration.java
@@ -12,7 +12,7 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Primary;
-import org.springframework.hateoas.hal.Jackson2HalModule;
+import org.springframework.hateoas.mediatype.hal.Jackson2HalModule;
 import org.springframework.http.MediaType;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.http.converter.ByteArrayHttpMessageConverter;
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index b613fa9e..71bda1c7 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -508,6 +508,9 @@ spring:
 web:
 resources:
 static-locations:
+ config:
+ import: "optional:configtree:/mnt/secrets/prl/"
+ # GENERAL SPRING BOOT ACTUATOR CONFIG # Context path for Spring Boot Actuator endpoints
diff --git a/src/main/resources/bootstrap.yaml b/src/main/resources/bootstrap.yaml
index 817504e3..8b137891 100644
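Review bot: In the application.yml hunk, the `optional:` prefix on `import: "optional:configtree:/mnt/secrets/prl/"` turns a missing or empty secrets mount into a silent condition: the service still starts and each secret-backed property falls back to whatever default the rest of application.yml defines, which is not visible here. This line is now the only place the mount is wired in, since the properties-volume starter and bootstrap.yaml are removed in the same commit. Keeping `optional:` for local and test runs is reasonable, but say so next to it, e.g. `# optional: lets local/test runs start without the secrets mount; deployed pods must have /mnt/secrets/prl/`, and consider failing startup in deployed profiles when a required secret resolves blank. Indentation is lost in this view, so also check that `config:` sits directly under `spring:` and not under `web.resources`.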
--- a/src/main/resources/bootstrap.yaml
+++ b/src/main/resources/bootstrap.yaml
@@ -1,18 +1 @@
-spring:
- cloud:
- propertiesvolume:
- enabled: true
- prefixed: true
- paths: /mnt/secrets/prl
- aliases:
- prl.microservicekey-prl-dgs-api: AUTH_PROVIDER_SERVICE_CLIENT_KEY
- prl.docmosis-api-key: DOCMOSIS_SERVICE_ACCESS_KEY
- prl.launchDarkly-sdk-key: LAUNCH_DARKLY_SDK_KEY
- prl.AppInsightsInstrumentationKey: APP_INSIGHTS_INSTRUMENTATION_KEY
- prl.prl-cos-idam-client-secret: IDAM_CLIENT_SECRET
- prl.test-genericpassword: PRL_GENERIC_PASSWORD
- prl.idam-solicitor-username: IDAM_SOLICITOR_USERNAME
- prl.idam-solicitor-password: IDAM_SOLICITOR_PASSWORD
- prl.system-update-user-password: PRL_SYSTEM_UPDATE_PASSWORD
- prl.system-update-user-username: SYSTEM_UPDATE_USER_USERNAME