diff --git a/.circleci/config.yml b/.circleci/config.yml
index 8be3533..2ea0878 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -161,6 +161,7 @@ workflows:
               ignore:
                 - master
                 - variant/ubi
+                - variant/ubi10
       - publish-single-arch:
           matrix:
             parameters:
@@ -174,6 +175,7 @@ workflows:
               only:
                 - master
                 - variant/ubi
+                - variant/ubi10
       - publish-multi-arch:
           matrix:
             parameters:
@@ -188,3 +190,4 @@ workflows:
               only:
                 - master
                 - variant/ubi
+                - variant/ubi10
\ No newline at end of file
diff --git a/Dockerfile.tpl b/Dockerfile.tpl
index b05e0d4..50adf40 100644
--- a/Dockerfile.tpl
+++ b/Dockerfile.tpl
@@ -9,18 +9,18 @@ FROM ${BASE_IMAGE} AS core
 # TODO: switch `vim` back to `vim-minimal` once https://issues.redhat.com/browse/RHEL-25748 is resolved
 RUN microdnf -y upgrade && \
     microdnf -y install \
-        hostname \
-        iputils \
-        less \
-        ncurses \
-        openssh-clients \
-        rsync \
-        tar \
-        unzip \
-        uuid \
-        vim-minimal \
-        /usr/bin/ps \
-        /usr/bin/which \
+    hostname \
+    iputils \
+    less \
+    ncurses \
+    openssh-clients \
+    rsync \
+    tar \
+    unzip \
+    uuid \
+    vim-minimal \
+    /usr/bin/ps \
+    /usr/bin/which \
     && \
     rm -rf /var/cache/yum
 
@@ -35,14 +35,23 @@ RUN microdnf -y install \
     automake \
     gcc \
     git \
-    java-1.8.0-openjdk-devel \
     libtool \
     make
 
+
+RUN if [ "$(uname -m)" = "x86_64" ]; then \
+        curl -L https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u482-b08/OpenJDK8U-jdk_x64_linux_hotspot_8u482b08.tar.gz --output /tmp/openjdk8.tar.gz; \
+    elif [ "$(uname -m)" = "aarch64" ] || [ "$(uname -m)" = "arm64" ]; then \
+        curl -L https://github.com/adoptium/temurin8-binaries/releases/download/jdk8u482-b08/OpenJDK8U-jdk_aarch64_linux_hotspot_8u482b08.tar.gz --output /tmp/openjdk8.tar.gz; \
+    fi && \
+    tar -xzf /tmp/openjdk8.tar.gz -C /opt && \
+    rm -f /tmp/openjdk8.tar.gz
+
 ## Checkout and build JICMP
 RUN git config --global advice.detachedHead false
 
-RUN git clone --depth 1 --branch "${JICMP_VERSION}" "${JICMP_GIT_REPO_URL}" /usr/src/jicmp && \
+RUN export JAVA_HOME=/opt/jdk8u482-b08 && export PATH=/opt/jdk8u482-b08/bin:$PATH && \
+    git clone --depth 1 --branch "${JICMP_VERSION}" "${JICMP_GIT_REPO_URL}" /usr/src/jicmp && \
     cd /usr/src/jicmp && \
     git submodule update --init --recursive --depth 1 && \
     autoreconf -fvi && \
@@ -50,7 +59,8 @@ RUN git clone --depth 1 --branch "${JICMP_VERSION}" "${JICMP_GIT_REPO_URL}" /usr
 RUN cd /usr/src/jicmp && make -j1
 
 # Checkout and build JICMP6
-RUN git clone --depth 1 --branch "${JICMP6_VERSION}" "${JICMP6_GIT_REPO_URL}" /usr/src/jicmp6 && \
+RUN export JAVA_HOME=/opt/jdk8u482-b08 && export PATH=/opt/jdk8u482-b08/bin:$PATH && \
+    git clone --depth 1 --branch "${JICMP6_VERSION}" "${JICMP6_GIT_REPO_URL}" /usr/src/jicmp6 && \
     cd /usr/src/jicmp6 && \
     git submodule update --init --recursive --depth 1 && \
     autoreconf -fvi && \
@@ -66,13 +76,47 @@ RUN cd /usr/src/jattach && make
 ##
 FROM core
 
-RUN microdnf -y install \
-        "java-${JAVA_MAJOR_VERSION}-openjdk-headless" \
-    && \
-    rm -rf /var/cache/yum
+# if JAVA_MAJOR_VERSION is 11, use this:
+# https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.30%2B7/OpenJDK11U-jdk_x64_linux_hotspot_11.0.30_7.tar.gz
+RUN if [ "${JAVA_MAJOR_VERSION}" = "11" ]; then \
+    if [ "$(uname -m)" = "x86_64" ]; then \
+        curl -L "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.30%2B7/OpenJDK11U-jdk_x64_linux_hotspot_11.0.30_7.tar.gz" --output /tmp/openjdk.tar.gz; \
+    elif [ "$(uname -m)" = "aarch64" ] || [ "$(uname -m)" = "arm64" ]; then \
+        curl -L "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.30%2B7/OpenJDK11U-jdk_aarch64_linux_hotspot_11.0.30_7.tar.gz" --output /tmp/openjdk.tar.gz; \
+    fi && \
+    tar -xzf /tmp/openjdk.tar.gz -C /opt && \
+    rm -f /tmp/openjdk.tar.gz; \
+    fi
+# if JAVA_MAJOR_VERSION is 17, use this:
+# https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.18%2B8/OpenJDK17U-jdk_x64_linux_hotspot_17.0.18_8.tar.gz
+RUN if [ "${JAVA_MAJOR_VERSION}" = "17" ]; then \
+    if [ "$(uname -m)" = "x86_64" ]; then \
+        curl -L "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.18%2B8/OpenJDK17U-jdk_x64_linux_hotspot_17.0.18_8.tar.gz" --output /tmp/openjdk.tar.gz; \
+    elif [ "$(uname -m)" = "aarch64" ] || [ "$(uname -m)" = "arm64" ]; then \
+        curl -L "https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.18%2B8/OpenJDK17U-jdk_aarch64_linux_hotspot_17.0.18_8.tar.gz" --output /tmp/openjdk.tar.gz; \
+    fi && \
+    tar -xzf /tmp/openjdk.tar.gz -C /opt && \
+    rm -f /tmp/openjdk.tar.gz; \
+    fi
+# else install using microdnf
+RUN if [ "${JAVA_MAJOR_VERSION}" != "11" ] && [ "${JAVA_MAJOR_VERSION}" != "17" ]; then \
+    echo "Installing OpenJDK ${JAVA_MAJOR_VERSION} via microdnf"; \
+    microdnf -y install \
+    "java-${JAVA_MAJOR_VERSION}-openjdk-headless" && \
+    rm -rf /var/cache/yum; \
+    fi
+
+# Set JAVA_HOME based on installed version - create a symlink for consistency
+RUN if [ "${JAVA_MAJOR_VERSION}" = "11" ]; then \
+    ln -sf /opt/jdk-11.0.30+7 /opt/java; \
+    elif [ "${JAVA_MAJOR_VERSION}" = "17" ]; then \
+    ln -sf /opt/jdk-17.0.18+8 /opt/java; \
+    else \
+    ln -sf $(dirname $(dirname $(readlink -f $(which java)))) /opt/java; \
+    fi
 
 # Set JAVA_HOME at runtime
-ENV JAVA_HOME=${JAVA_HOME}
+ENV JAVA_HOME=/opt/java
 
 # To be able to use DGRAM to send ICMP messages we have to give the java binary CAP_NET_RAW capabilities in Linux.
 COPY do-setcap.sh /usr/local/bin/
@@ -80,11 +124,11 @@ RUN /usr/local/bin/do-setcap.sh
 
 # Install confd
 RUN if [ "$(uname -m)" = "x86_64" ]; then \
-      curl -L "${CONFD_SOURCE}/releases/download/v${CONFD_VERSION}/confd-v${CONFD_VERSION}-linux-amd64.tar.gz" --output /tmp/confd.tar.gz; \
+    curl -L "${CONFD_SOURCE}/releases/download/v${CONFD_VERSION}/confd-v${CONFD_VERSION}-linux-amd64.tar.gz" --output /tmp/confd.tar.gz; \
     elif [ "$(uname -m)" = "armv7l" ]; then \
-      curl -L "${CONFD_SOURCE}/releases/download/v${CONFD_VERSION}/confd-v${CONFD_VERSION}-linux-arm7.tar.gz" --output /tmp/confd.tar.gz; \
+    curl -L "${CONFD_SOURCE}/releases/download/v${CONFD_VERSION}/confd-v${CONFD_VERSION}-linux-arm7.tar.gz" --output /tmp/confd.tar.gz; \
     else \
-      curl -L "${CONFD_SOURCE}/releases/download/v${CONFD_VERSION}/confd-v${CONFD_VERSION}-linux-arm64.tar.gz" --output /tmp/confd.tar.gz; \
+    curl -L "${CONFD_SOURCE}/releases/download/v${CONFD_VERSION}/confd-v${CONFD_VERSION}-linux-arm64.tar.gz" --output /tmp/confd.tar.gz; \
     fi && \
     cd /usr/bin && \
     tar -xzf /tmp/confd.tar.gz && \
@@ -115,24 +159,27 @@ RUN curl -L "${PROM_JMX_EXPORTER_URL}" --output ./jmx_prometheus_javaagent.jar &
     chmod 2775 /opt/prom-jmx-exporter && \
     chmod 0664 /opt/prom-jmx-exporter/*
 
+# Install OpenNMS yum repo, 
+# NOTE: we are disabling gpgcheck and signature verification here to avoid issues with
+# our current signing setup; 
 RUN curl -L --output /tmp/repo.rpm https://yum.opennms.org/repofiles/opennms-repo-stable-rhel9.noarch.rpm && \
-    rpm -Uf /tmp/repo.rpm && \
-    rpm --import https://yum.opennms.org/OPENNMS-GPG-KEY
+    rpm -Uvh --nodigest --nosignature --noverify /tmp/repo.rpm && \
+    sed -i 's/gpgcheck=1/gpgcheck=0/g' /etc/yum.repos.d/opennms*.repo && \
+    rm -f /tmp/repo.rpm
 
 LABEL org.opencontainers.image.created="${BUILD_DATE}" \
-      org.opencontainers.image.title="OpenNMS deploy based on ${BASE_IMAGE}" \
-      org.opencontainers.image.source="${VCS_SOURCE}" \
-      org.opencontainers.image.revision="${VCS_REVISION}" \
-      org.opencontainers.image.version="${VERSION}" \
-      org.opencontainers.image.vendor="The OpenNMS Group, Inc." \
-      org.opencontainers.image.authors="OpenNMS Community" \
-      org.opencontainers.image.licenses="AGPL-3.0" \
-      org.opennms.image.base="${BASE_IMAGE}" \
-      org.opennms.image.java.version="${JAVA_MAJOR_VERSION}" \
-      org.opennms.image.java.home="${JAVA_HOME}" \
-      org.opennms.image.jicmp.version="${JICMP_VERSION}" \
-      org.opennms.image.jicmp6.version="${JICMP6_VERSION}" \
-      org.opennms.cicd.branch="${BUILD_BRANCH}" \
-      org.opennms.cicd.buildurl="${BUILD_URL}" \
-      org.opennms.cicd.buildnumber="${BUILD_NUMBER}"
-
+    org.opencontainers.image.title="OpenNMS deploy based on ${BASE_IMAGE}" \
+    org.opencontainers.image.source="${VCS_SOURCE}" \
+    org.opencontainers.image.revision="${VCS_REVISION}" \
+    org.opencontainers.image.version="${VERSION}" \
+    org.opencontainers.image.vendor="The OpenNMS Group, Inc." \
+    org.opencontainers.image.authors="OpenNMS Community" \
+    org.opencontainers.image.licenses="AGPL-3.0" \
+    org.opennms.image.base="${BASE_IMAGE}" \
+    org.opennms.image.java.version="${JAVA_MAJOR_VERSION}" \
+    org.opennms.image.java.home="${JAVA_HOME}" \
+    org.opennms.image.jicmp.version="${JICMP_VERSION}" \
+    org.opennms.image.jicmp6.version="${JICMP6_VERSION}" \
+    org.opennms.cicd.branch="${BUILD_BRANCH}" \
+    org.opennms.cicd.buildurl="${BUILD_URL}" \
+    org.opennms.cicd.buildnumber="${BUILD_NUMBER}"
diff --git a/Makefile b/Makefile
index 18a5a4e..94fc32f 100644
--- a/Makefile
+++ b/Makefile
@@ -10,7 +10,7 @@
 
 SHELL                     := bash -o nounset -o pipefail -o errexit
 BUILD_DATE                := $(shell date -u +"%Y-%m-%dT%H:%M:%SZ")
-BASE_IMAGE                := registry.access.redhat.com/ubi9-minimal
+BASE_IMAGE                := registry.access.redhat.com/ubi10-minimal
 
 DOCKER_BUILDKIT           := 1
 DOCKER_CLI_EXPERIMENTAL   := enabled
@@ -18,13 +18,13 @@ ARCHITECTURE              := linux/amd64
 BUILDER_INSTANCE          := env-deploy-base-oci
 TAG_ARCH                  := $(subst /,-,$(subst linux/,,$(ARCHITECTURE)))
 
-JAVA_MAJOR_VERSION        := 11
+JAVA_MAJOR_VERSION        := 21
 JAVA_PKG                  := openjdk-$(JAVA_MAJOR_VERSION)-jre-headless
 JAVA_HOME                  = /usr/lib/jvm/jre-${JAVA_MAJOR_VERSION}
 
 # Version fallback uses the latest git version tag or the git hash if no git version is set.
 # e.g. last git version tag is v1.1.0 -> 1.1.0 is used, otherwise the git hash
-VERSION                   ?= ubi9-$(shell cat version.txt | sed -e 's,[\r\n]*,,')
+VERSION                   ?= ubi10-$(shell cat version.txt | sed -e 's,[\r\n]*,,')
 CONTAINER_REGISTRY        ?= localhost
 CONTAINER_REGISTRY_LOGIN  ?= unset
 CONTAINER_REGISTRY_PASS   ?= unset
@@ -41,10 +41,10 @@ BUILD_URL                 ?= unset
 BUILD_BRANCH              ?= $(shell git branch --show-current)
 
 JICMP_GIT_REPO_URL        := https://github.com/opennms/jicmp
-JICMP_VERSION             := jicmp-3.0.0-2
+JICMP_VERSION             := jicmp-3.0.5-1
 
 JICMP6_GIT_REPO_URL       := https://github.com/opennms/jicmp6
-JICMP6_VERSION            := jicmp6-3.0.0-2
+JICMP6_VERSION            := jicmp6-3.0.5-1
 
 JATTACH_GIT_REPO_URL      := https://github.com/jattach/jattach
 JATTACH_VERSION           := v2.1