diff --git a/.buildtools/generateStagingSiteInWebpageRepo b/.buildtools/generateStagingSiteInWebpageRepo
index cab0d515f..d58d2d9d6 100755
--- a/.buildtools/generateStagingSiteInWebpageRepo
+++ b/.buildtools/generateStagingSiteInWebpageRepo
@@ -19,7 +19,7 @@
 ./mvnw -B package site site:stage
 
 # DEVHINT: with trailing slash please!
-targetDirectory=../creadur-site/rat100/
+targetDirectory=../creadur-site/rat018/
 
 echo "Copying site resources into asf-site repo under $targetDirectory"
 cp -rvf target/staging/* $targetDirectory > /dev/null
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 8dd4f3f83..5f0d5e521 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -63,7 +63,7 @@ jobs:
         run: ./mvnw -e -B -V -ntp clean install
 
       - name: Archive integration failure
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         if: failure()
         with:
           name: reporting-integration-test-failure-logs-${{ matrix.os }}-JDK${{ matrix.java }}-PR${{ github.run_id }}
@@ -72,7 +72,7 @@ jobs:
             apache-rat-core/target/test-classes/ReportTest/**
 
       - name: Archive test failure
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         if: failure()
         with:
           name: test-failure-logs-${{ matrix.os }}-JDK${{ matrix.java }}-PR${{ github.run_id }}
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index adb5e9e62..9e96845fe 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -1,12 +1,14 @@
 name: SonarQube
 on:
   push:
+# RAT-293: Global secrets are not visible on dependabot runs thus block if triggered by Dependabot
     branches:
       - master
   pull_request:
     types: [opened, synchronize, reopened]
 jobs:
   build:
+    if: github.actor != 'dependabot[bot]'
     name: Build and analyze
     runs-on: ubuntu-latest
     steps:
@@ -32,5 +34,5 @@ jobs:
           restore-keys: ${{ runner.os }}-m2
       - name: Build and analyze at ASF-sonarcloud
         env:
-          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: ./mvnw -X -e verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=apache_creadur-rat -Dsonar.token=${SONAR_TOKEN}
+          SONAR_TOKEN: ${{ secrets.SONARCLOUD_TOKEN }}
+        run: ./mvnw verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=apache_creadur-rat -Dsonar.organization=apache -Dsonar.token=${SONAR_TOKEN}
diff --git a/.mvn/extensions.xml b/.mvn/extensions.xml
index b5501577c..15bcd7fb1 100644
--- a/.mvn/extensions.xml
+++ b/.mvn/extensions.xml
@@ -3,7 +3,7 @@
   <extension>
     <groupId>com.gradle</groupId>
     <artifactId>develocity-maven-extension</artifactId>
-    <version>2.3.2</version>
+    <version>2.3.4</version>
   </extension>
   <extension>
     <groupId>com.gradle</groupId>
diff --git a/apache-rat-core/pom.xml b/apache-rat-core/pom.xml
index 4819f23bc..ae9cd0434 100644
--- a/apache-rat-core/pom.xml
+++ b/apache-rat-core/pom.xml
@@ -20,7 +20,7 @@
   <parent>
     <groupId>org.apache.rat</groupId>
     <artifactId>apache-rat-project</artifactId>
-    <version>1.0.0-SNAPSHOT</version>
+    <version>0.18-SNAPSHOT</version>
   </parent>
   <artifactId>apache-rat-core</artifactId>
   <packaging>jar</packaging>
diff --git a/apache-rat-core/src/test/java/org/apache/rat/OptionCollectionTest.java b/apache-rat-core/src/test/java/org/apache/rat/OptionCollectionTest.java
index 4011ce5e2..eb1805c50 100644
--- a/apache-rat-core/src/test/java/org/apache/rat/OptionCollectionTest.java
+++ b/apache-rat-core/src/test/java/org/apache/rat/OptionCollectionTest.java
@@ -44,7 +44,6 @@
 import org.apache.rat.utils.DefaultLog;
 import org.apache.rat.utils.Log;
 import org.junit.jupiter.api.AfterAll;
-import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.io.CleanupMode;
 import org.junit.jupiter.api.io.TempDir;
diff --git a/apache-rat-core/src/test/java/org/apache/rat/ReporterOptionsTest.java b/apache-rat-core/src/test/java/org/apache/rat/ReporterOptionsTest.java
index 8af8b6867..ccb82f3c6 100644
--- a/apache-rat-core/src/test/java/org/apache/rat/ReporterOptionsTest.java
+++ b/apache-rat-core/src/test/java/org/apache/rat/ReporterOptionsTest.java
@@ -32,7 +32,6 @@
 import org.apache.rat.utils.DefaultLog;
 import org.apache.rat.utils.Log;
 import org.junit.jupiter.api.AfterAll;
-import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.io.CleanupMode;
diff --git a/apache-rat-core/src/test/java/org/apache/rat/config/exclusion/ExclusionUtilsTest.java b/apache-rat-core/src/test/java/org/apache/rat/config/exclusion/ExclusionUtilsTest.java
index 48a2897ed..4f3746f2f 100644
--- a/apache-rat-core/src/test/java/org/apache/rat/config/exclusion/ExclusionUtilsTest.java
+++ b/apache-rat-core/src/test/java/org/apache/rat/config/exclusion/ExclusionUtilsTest.java
@@ -20,7 +20,6 @@
 
 import org.apache.rat.ConfigurationException;
 import org.apache.rat.utils.ExtendedIterator;
-import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.io.CleanupMode;
 import org.junit.jupiter.api.io.TempDir;
diff --git a/apache-rat-plugin/pom.xml b/apache-rat-plugin/pom.xml
index 6c56d599b..fa599ea7f 100644
--- a/apache-rat-plugin/pom.xml
+++ b/apache-rat-plugin/pom.xml
@@ -20,7 +20,7 @@
   <parent>
     <artifactId>apache-rat-project</artifactId>
     <groupId>org.apache.rat</groupId>
-    <version>1.0.0-SNAPSHOT</version>
+    <version>0.18-SNAPSHOT</version>
   </parent>
   <artifactId>apache-rat-plugin</artifactId>
   <packaging>maven-plugin</packaging>
diff --git a/apache-rat-plugin/src/test/java/org/apache/rat/mp/OptionMojoTest.java b/apache-rat-plugin/src/test/java/org/apache/rat/mp/OptionMojoTest.java
index 68c2864bd..7b9e27e41 100644
--- a/apache-rat-plugin/src/test/java/org/apache/rat/mp/OptionMojoTest.java
+++ b/apache-rat-plugin/src/test/java/org/apache/rat/mp/OptionMojoTest.java
@@ -32,7 +32,6 @@
 import org.apache.rat.utils.DefaultLog;
 import org.codehaus.plexus.component.configurator.ComponentConfigurationException;
 import org.junit.jupiter.api.AfterAll;
-import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.io.CleanupMode;
diff --git a/apache-rat-tasks/pom.xml b/apache-rat-tasks/pom.xml
index 35d003544..b04515038 100644
--- a/apache-rat-tasks/pom.xml
+++ b/apache-rat-tasks/pom.xml
@@ -20,7 +20,7 @@
   <parent>
     <groupId>org.apache.rat</groupId>
     <artifactId>apache-rat-project</artifactId>
-    <version>1.0.0-SNAPSHOT</version>
+    <version>0.18-SNAPSHOT</version>
   </parent>
   <artifactId>apache-rat-tasks</artifactId>
   <packaging>jar</packaging>
diff --git a/apache-rat-tasks/src/test/java/org/apache/rat/anttasks/ReportOptionTest.java b/apache-rat-tasks/src/test/java/org/apache/rat/anttasks/ReportOptionTest.java
index b438f9344..9f66bc74d 100644
--- a/apache-rat-tasks/src/test/java/org/apache/rat/anttasks/ReportOptionTest.java
+++ b/apache-rat-tasks/src/test/java/org/apache/rat/anttasks/ReportOptionTest.java
@@ -35,9 +35,6 @@
 import org.apache.rat.utils.DefaultLog;
 import org.apache.rat.utils.Log;
 import org.junit.jupiter.api.AfterAll;
-import org.junit.jupiter.api.condition.EnabledIf;
-import org.junit.jupiter.api.condition.EnabledOnOs;
-import org.junit.jupiter.api.condition.OS;
 import org.junit.jupiter.api.io.CleanupMode;
 import org.junit.jupiter.api.io.TempDir;
 import org.junit.jupiter.params.ParameterizedTest;
diff --git a/apache-rat-testdata/pom.xml b/apache-rat-testdata/pom.xml
index 63f4040c7..1be67fc50 100644
--- a/apache-rat-testdata/pom.xml
+++ b/apache-rat-testdata/pom.xml
@@ -20,7 +20,7 @@
   <parent>
     <groupId>org.apache.rat</groupId>
     <artifactId>apache-rat-project</artifactId>
-    <version>1.0.0-SNAPSHOT</version>
+    <version>0.18-SNAPSHOT</version>
   </parent>
   <artifactId>apache-rat-testdata</artifactId>
   <name>Apache Creadur RAT::Testdata</name>
diff --git a/apache-rat-tools/pom.xml b/apache-rat-tools/pom.xml
index 728694d89..5d440b463 100644
--- a/apache-rat-tools/pom.xml
+++ b/apache-rat-tools/pom.xml
@@ -20,7 +20,7 @@
   <parent>
     <groupId>org.apache.rat</groupId>
     <artifactId>apache-rat-project</artifactId>
-    <version>1.0.0-SNAPSHOT</version>
+    <version>0.18-SNAPSHOT</version>
   </parent>
   <artifactId>apache-rat-tools</artifactId>
   <packaging>jar</packaging>
diff --git a/apache-rat/pom.xml b/apache-rat/pom.xml
index bcf8b1e23..ee662434e 100644
--- a/apache-rat/pom.xml
+++ b/apache-rat/pom.xml
@@ -20,7 +20,7 @@
   <parent>
     <groupId>org.apache.rat</groupId>
     <artifactId>apache-rat-project</artifactId>
-    <version>1.0.0-SNAPSHOT</version>
+    <version>0.18-SNAPSHOT</version>
   </parent>
   <artifactId>apache-rat</artifactId>
   <packaging>jar</packaging>
diff --git a/pom.xml b/pom.xml
index d9ee8f67d..a74521763 100644
--- a/pom.xml
+++ b/pom.xml
@@ -24,7 +24,7 @@
   </parent>
   <groupId>org.apache.rat</groupId>
   <artifactId>apache-rat-project</artifactId>
-  <version>1.0.0-SNAPSHOT</version>
+  <version>0.18-SNAPSHOT</version>
   <packaging>pom</packaging>
   <name>Apache Creadur RAT</name>
   <url>https://creadur.apache.org/rat/</url>
@@ -53,24 +53,24 @@ agnostic home for software distribution comprehension and audit tools.
     <assertj.version>4.0.0-M1</assertj.version>
     <javaVersion>17</javaVersion>
     <tika.version>3.2.3</tika.version>
-    <mockito.version>5.21.0</mockito.version>
+    <mockito.version>5.22.0</mockito.version>
     <maven.compiler.source>${javaVersion}</maven.compiler.source>
     <maven.compiler.target>${javaVersion}</maven.compiler.target>
     <!-- This is the version of Maven required to use the RAT Maven Plugin -->
     <mavenMinVersion>3.9</mavenMinVersion>
-    <mavenVersion>3.9.12</mavenVersion>
+    <mavenVersion>3.9.13</mavenVersion>
     <creadur.jira.id>RAT</creadur.jira.id>
     <velocity.core.version>2.4.1</velocity.core.version>
     <velocity.tools.version>3.1</velocity.tools.version>
     <!-- maven plugin versions -->
-    <mavenPluginTestingVersion>3.5.0</mavenPluginTestingVersion>
+    <mavenPluginTestingVersion>3.5.1</mavenPluginTestingVersion>
     <mavenPluginPluginVersion>3.15.2</mavenPluginPluginVersion>
     <mavenChangesVersion>3.0.0-M3</mavenChangesVersion>
     <mavenJavadocPluginVersion>3.12.0</mavenJavadocPluginVersion>
     <mavenPmdPluginVersion>3.28.0</mavenPmdPluginVersion>
     <!-- Used to generate download page for RAT during site builds, please adapt versions manually BEFORE doing a release -->
     <!-- START - adapt manually before doing a release -->
-    <previousRatVersion>0.17</previousRatVersion>
+    <previousRatVersion>0.18</previousRatVersion>
     <currentSnapshotRatVersion>1.0.0-SNAPSHOT</currentSnapshotRatVersion>
     <!-- END - adapt manually before doing a release -->
   </properties>
@@ -570,7 +570,7 @@ agnostic home for software distribution comprehension and audit tools.
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-compiler-plugin</artifactId>
-          <version>3.14.1</version>
+          <version>3.15.0</version>
           <configuration>
             <release>${javaVersion}</release>
             <source>${javaVersion}</source>
@@ -585,7 +585,7 @@ agnostic home for software distribution comprehension and audit tools.
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-dependency-plugin</artifactId>
-          <version>3.9.0</version>
+          <version>3.10.0</version>
         </plugin>
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
@@ -658,7 +658,7 @@ agnostic home for software distribution comprehension and audit tools.
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-resources-plugin</artifactId>
-          <version>3.4.0</version>
+          <version>3.5.0</version>
           <configuration>
             <propertiesEncoding>ISO-8859-1</propertiesEncoding>
             <addDefaultExcludes>false</addDefaultExcludes>
@@ -667,12 +667,12 @@ agnostic home for software distribution comprehension and audit tools.
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-failsafe-plugin</artifactId>
-          <version>3.5.4</version>
+          <version>3.5.5</version>
         </plugin>
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-surefire-plugin</artifactId>
-          <version>3.5.4</version>
+          <version>3.5.5</version>
           <configuration>
             <forkCount>1</forkCount>
             <!-- RAT-293: We need to append to the existing arguments in order for code coverage to work -->
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 766bb80bf..14552c14b 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -61,13 +61,16 @@ in order to be properly linked in site reports.
     <author email="dev@creadur.apache.org">Apache Creadur RAT developers</author>
   </properties>
   <body>
-    <!--release version="2.0.0-SNAPSHOT" date="xxxx-yy-zz" description="Current SNAPSHOT - release to be done">
-      <action issue="RAT-xyz" type="update" dev="pottlinger" due-to="dependabot">
-        TODO/TBD: collect all dependabot updates for release 2.0.0.
+    <!--release version="1.0.0-SNAPSHOT" date="xxxx-yy-zz" description="Current SNAPSHOT - release to be done">
+      <action issue="RAT-532" type="update" dev="pottlinger" due-to="dependabot">
+        TODO/TBD: collect all dependabot updates for release 1.0.0.
       </action>
     </release>
     -->
-    <release version="1.0.0" date="xxxx-yy-zz" description="Current SNAPSHOT - release to be done">
+    <release version="0.18" date="xxxx-yy-zz" description="Current SNAPSHOT - release to be done">
+      <action issue="RAT-440" type="add" dev="pottlinger" due-to="guptas6est">
+        Upgrade to doxia 2.0.0 and generate XHTML5 reports during RAT runs (fixes multiple CVEs implicitly).
+      </action>
       <action issue="RAT-475, RAT-533" type="add" dev="pottlinger" due-to="Ryan Schmitt">
         Speedup tests and avoid garbage collection workaround by changing to CleanupMode.NONE in jUnit's TempDir usages.
       </action>
@@ -144,7 +147,7 @@ in order to be properly linked in site reports.
         Changed '/.externalToolBuilders' to '/.externalToolBuilders/**' in the ECLIPSE standard exclusion list and added '**/bin/**' to ignore generated binary folders in Eclipse IDE.
       </action>
       <action issue="RAT-498" type="update" dev="pottlinger" due-to="dependabot">
-        TODO/TBD: collect all dependabot updates for release 1.0.0.
+        TODO/TBD: collect all dependabot updates for release 0.18.
       </action>
     </release>
     <release version="0.17" date="2025-10-12" description=
diff --git a/src/site/xdoc/download_rat.xml.vm b/src/site/xdoc/download_rat.xml.vm
index 69d01ae1b..f87ab7bc8 100644
--- a/src/site/xdoc/download_rat.xml.vm
+++ b/src/site/xdoc/download_rat.xml.vm
@@ -56,7 +56,7 @@ limitations under the License.
           </p>
         </form>
         <p>
-          The <a href="https://www.apache.org/dist/creadur/KEYS">KEYS</a>
+          The <a href="https://downloads.apache.org/creadur/KEYS">KEYS</a>
           file links to the code signing keys used to sign the
           product.  The <code>PGP</code> link downloads the OpenPGP
           compatible signature from our main site.  The
@@ -72,10 +72,10 @@ limitations under the License.
               <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-bin.tar.bz2">apache-rat-${previousRatVersion}-bin.tar.bz2</a>
             </td>
             <td>
-              <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-bin.tar.bz2.sha512">sha512</a>
+              <a href="https://downloads.apache.org/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-bin.tar.bz2.sha512">sha512</a>
             </td>
             <td>
-              <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-bin.tar.bz2.asc">pgp</a>
+              <a href="https://downloads.apache.org/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-bin.tar.bz2.asc">pgp</a>
             </td>
           </tr>
           <tr>
@@ -83,10 +83,10 @@ limitations under the License.
               <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-bin.tar.gz">apache-rat-${previousRatVersion}-bin.tar.gz</a>
             </td>
             <td>
-              <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-bin.tar.gz.sha512">sha512</a>
+              <a href="https://downloads.apache.org/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-bin.tar.gz.sha512">sha512</a>
             </td>
             <td>
-              <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-bin.tar.gz.asc">pgp</a>
+              <a href="https://downloads.apache.org/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-bin.tar.gz.asc">pgp</a>
             </td>
           </tr>
           <tr>
@@ -94,10 +94,10 @@ limitations under the License.
               <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-bin.zip">apache-rat-${previousRatVersion}-bin.zip</a>
             </td>
             <td>
-              <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-bin.zip.sha512">sha512</a>
+              <a href="https://downloads.apache.org/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-bin.zip.sha512">sha512</a>
             </td>
             <td>
-              <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-bin.zip.asc">pgp</a>
+              <a href="https://downloads.apache.org/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-bin.zip.asc">pgp</a>
             </td>
           </tr>
         </table>
@@ -109,10 +109,10 @@ limitations under the License.
               <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-src.tar.bz2">apache-rat-${previousRatVersion}-src.tar.bz2</a>
             </td>
             <td>
-              <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-src.tar.bz2.sha512">sha512</a>
+              <a href="https://downloads.apache.org/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-src.tar.bz2.sha512">sha512</a>
             </td>
             <td>
-              <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-src.tar.bz2.asc">pgp</a>
+              <a href="https://downloads.apache.org/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-src.tar.bz2.asc">pgp</a>
             </td>
           </tr>
           <tr>
@@ -120,10 +120,10 @@ limitations under the License.
               <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-src.tar.gz">apache-rat-${previousRatVersion}-src.tar.gz</a>
             </td>
             <td>
-              <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-src.tar.gz.sha512">sha512</a>
+              <a href="https://downloads.apache.org/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-src.tar.gz.sha512">sha512</a>
             </td>
             <td>
-              <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-src.tar.gz.asc">pgp</a>
+              <a href="https://downloads.apache.org/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-src.tar.gz.asc">pgp</a>
             </td>
           </tr>
           <tr>
@@ -131,10 +131,10 @@ limitations under the License.
               <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-src.zip">apache-rat-${previousRatVersion}-src.zip</a>
             </td>
             <td>
-              <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-src.zip.sha512">sha512</a>
+              <a href="https://downloads.apache.org/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-src.zip.sha512">sha512</a>
             </td>
             <td>
-              <a href="[preferred]/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-src.zip.asc">pgp</a>
+              <a href="https://downloads.apache.org/creadur/apache-rat-${previousRatVersion}/apache-rat-${previousRatVersion}-src.zip.asc">pgp</a>
             </td>
           </tr>
         </table>