diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index 4d249c34..4a4bbcf6 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -17,6 +17,7 @@ assignees: ''
 <!-- A clear and concise description of what you expected to happen. -->
 
 **Please complete the following information about the solution:**
+
 - [ ] Version: [e.g. v1.0.0]
 - [ ] Region: [e.g. us-east-1]
 - [ ] Was the solution modified from the version published on this repository?
diff --git a/CHANGELOG.md b/CHANGELOG.md
index c2d12a74..7eb03de2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.1.2] - 2024-04-29
+
+### Fixed
+
+- Upgrade formidable to resolve CVE
+- Upgrade mysql2 to resolve CVE
+
 ## [1.1.1] - 2024-04-18
 
 ### Fixed
diff --git a/makefiles/common_config.mk b/makefiles/common_config.mk
index 18024643..ce066828 100644
--- a/makefiles/common_config.mk
+++ b/makefiles/common_config.mk
@@ -15,7 +15,7 @@ export AWS_REGION ?= ${DEFAULTS.AWS_REGION}
 # ========================================================
 export SOLUTION_NAME ?= connected-mobility-solution-on-aws
 export SOLUTION_DESCRIPTION ?= Accelerate development and deployment of connected vehicle assets with purpose-built, deployment-ready accelerators, and an Automotive Cloud Developer Portal
-export SOLUTION_VERSION ?= v1.1.1
+export SOLUTION_VERSION ?= v1.1.2
 export SOLUTION_AUTHOR = AWS Industrial Solutions Team
 export SOLUTION_ID = SO0241
 # Path is relative to this file's location, moving this file requires updating this path.
diff --git a/source/lib/setup.py b/source/lib/setup.py
index 53c5df7e..f4ffcbb1 100644
--- a/source/lib/setup.py
+++ b/source/lib/setup.py
@@ -49,7 +49,7 @@ def finalize_options(self) -> None:
         "toml>=0.10.2",
     ],
     name="cms_common",
-    version="1.1.1",
+    version="1.1.2",
     description="Common library used in CMS modules",
     packages=find_packages(
         exclude=[
diff --git a/source/modules/acdp/backstage/cdk/Makefile b/source/modules/acdp/backstage/cdk/Makefile
index 7804aa57..57f29fe7 100644
--- a/source/modules/acdp/backstage/cdk/Makefile
+++ b/source/modules/acdp/backstage/cdk/Makefile
@@ -17,7 +17,7 @@ export AWS_REGION ?= ${DEFAULTS.AWS_REGION}
 # ========================================================
 export SOLUTION_NAME ?= connected-mobility-solution-on-aws
 export SOLUTION_DESCRIPTION ?= Accelerate development and deployment of connected vehicle assets with purpose-built, deployment-ready accelerators, and an Automotive Cloud Developer Portal
-export SOLUTION_VERSION ?= v1.1.1
+export SOLUTION_VERSION ?= v1.1.2
 export SOLUTION_AUTHOR = AWS Industrial Solutions Team
 export SOLUTION_ID = SO0241
 export APPLICATION_TYPE = AWS-Solutions
diff --git a/source/modules/acdp/backstage/package.json b/source/modules/acdp/backstage/package.json
index 335fe668..c7bab7e8 100644
--- a/source/modules/acdp/backstage/package.json
+++ b/source/modules/acdp/backstage/package.json
@@ -1,6 +1,6 @@
 {
   "name": "acdp-backstage",
-  "version": "1.1.1",
+  "version": "1.1.2",
   "private": true,
   "license": "Apache-2.0",
   "description": "Backstage implementation preconfigured to work with CMS",
@@ -44,7 +44,8 @@
   "resolutions": {
     "@types/react": "^18",
     "@types/react-dom": "^18",
-    "mysql2": "^3.9.4"
+    "mysql2": "^3.9.7",
+    "formidable": "^3.2.4"
   },
   "lint-staged": {
     "*.{js,jsx,ts,tsx,mjs,cjs}": [
diff --git a/source/modules/acdp/backstage/packages/app/package.json b/source/modules/acdp/backstage/packages/app/package.json
index ea56dc82..a7f980e1 100644
--- a/source/modules/acdp/backstage/packages/app/package.json
+++ b/source/modules/acdp/backstage/packages/app/package.json
@@ -1,6 +1,6 @@
 {
   "name": "app",
-  "version": "1.1.1",
+  "version": "1.1.2",
   "private": true,
   "bundled": true,
   "license": "Apache-2.0",
diff --git a/source/modules/acdp/backstage/packages/backend/package.json b/source/modules/acdp/backstage/packages/backend/package.json
index d63eeef7..38d8f7fe 100644
--- a/source/modules/acdp/backstage/packages/backend/package.json
+++ b/source/modules/acdp/backstage/packages/backend/package.json
@@ -1,6 +1,6 @@
 {
   "name": "backend",
-  "version": "1.1.1",
+  "version": "1.1.2",
   "main": "dist/index.cjs.js",
   "types": "src/index.ts",
   "private": true,
diff --git a/source/modules/acdp/backstage/plugins/acdp-backend/package.json b/source/modules/acdp/backstage/plugins/acdp-backend/package.json
index fb7ac0d2..51387eeb 100644
--- a/source/modules/acdp/backstage/plugins/acdp-backend/package.json
+++ b/source/modules/acdp/backstage/plugins/acdp-backend/package.json
@@ -1,7 +1,7 @@
 {
   "name": "backstage-plugin-acdp-backend",
   "description": "ACDP Backend plugin for Backstage",
-  "version": "1.1.1",
+  "version": "1.1.2",
   "main": "src/index.ts",
   "types": "src/index.ts",
   "license": "Apache-2.0",
diff --git a/source/modules/acdp/backstage/plugins/acdp-backend/src/api/acdp-build-api.test.ts b/source/modules/acdp/backstage/plugins/acdp-backend/src/api/acdp-build-api.test.ts
index 09e4051a..034abc78 100644
--- a/source/modules/acdp/backstage/plugins/acdp-backend/src/api/acdp-build-api.test.ts
+++ b/source/modules/acdp/backstage/plugins/acdp-backend/src/api/acdp-build-api.test.ts
@@ -55,7 +55,7 @@ function setupCommonBuildMocks() {
           {
             name: "CFN_TEMPLATE_URL",
             value:
-              "https://acdp-assets.s3.us-west-2.amazonaws.com/connected-mobility-solution-on-aws/v1.1.1/cms-sample/cms-sample.template",
+              "https://acdp-assets.s3.us-west-2.amazonaws.com/connected-mobility-solution-on-aws/v1.1.2/cms-sample/cms-sample.template",
           },
           { name: "APP_UNIQUE_ID", value: "cms" },
         ]),
diff --git a/source/modules/acdp/backstage/plugins/acdp-backend/src/service/acdp-build-service.test.ts b/source/modules/acdp/backstage/plugins/acdp-backend/src/service/acdp-build-service.test.ts
index 93e5c8f1..d5a97d68 100644
--- a/source/modules/acdp/backstage/plugins/acdp-backend/src/service/acdp-build-service.test.ts
+++ b/source/modules/acdp/backstage/plugins/acdp-backend/src/service/acdp-build-service.test.ts
@@ -61,7 +61,7 @@ function setupCommonBuildMocks() {
           {
             name: "CFN_TEMPLATE_URL",
             value:
-              "https://acdp-assets.s3.us-west-2.amazonaws.com/connected-mobility-solution-on-aws/v1.1.1/cms-sample/cms-sample.template",
+              "https://acdp-assets.s3.us-west-2.amazonaws.com/connected-mobility-solution-on-aws/v1.1.2/cms-sample/cms-sample.template",
           },
           { name: "APP_UNIQUE_ID", value: "cms" },
         ]),
diff --git a/source/modules/acdp/backstage/plugins/acdp-backend/src/service/acdp-build-service.ts b/source/modules/acdp/backstage/plugins/acdp-backend/src/service/acdp-build-service.ts
index f4b7a06a..250048ee 100644
--- a/source/modules/acdp/backstage/plugins/acdp-backend/src/service/acdp-build-service.ts
+++ b/source/modules/acdp/backstage/plugins/acdp-backend/src/service/acdp-build-service.ts
@@ -483,6 +483,7 @@ function removeUrlPrefix(input: string): string {
 
 function getCodeBuildSourceTypeForUrl(url: string): SourceType {
   const githubPattern = /^https?:\/\/(www\.)?github\.com\/.+\/.+$/;
+  //NOSONAR
   const s3Pattern =
     /^https?:\/\/s3[\.-](?:[a-z0-9-]+)\.amazonaws\.com\/.+|https?:\/\/[a-z0-9-]+\.s3[\.-](?:[a-z0-9-]+)\.amazonaws\.com\/.+/;
 
diff --git a/source/modules/acdp/backstage/plugins/acdp-backend/src/utils/aws-s3-helper.ts b/source/modules/acdp/backstage/plugins/acdp-backend/src/utils/aws-s3-helper.ts
index 60eb438f..c03f2abd 100644
--- a/source/modules/acdp/backstage/plugins/acdp-backend/src/utils/aws-s3-helper.ts
+++ b/source/modules/acdp/backstage/plugins/acdp-backend/src/utils/aws-s3-helper.ts
@@ -14,7 +14,6 @@ import { Upload } from "@aws-sdk/lib-storage";
 import { Logger } from "winston";
 import createLimiter from "p-limit";
 import recursiveReadDir from "recursive-readdir";
-import platformPath from "path";
 import path from "path";
 import fs from "fs";
 import { Entity, DEFAULT_NAMESPACE } from "@backstage/catalog-model";
@@ -81,8 +80,6 @@ export class AwsS3Helper {
     localDirectoryPath: string,
     s3Prefix: string,
   ) {
-    const objects: string[] = [];
-
     try {
       const fileList = await recursiveReadDir(localDirectoryPath).catch(
         (error: Error) => {
@@ -94,7 +91,7 @@ export class AwsS3Helper {
 
       await bulkStorageOperation(
         async (absoluteFilePath: string) => {
-          const relativeFilePath = platformPath.relative(
+          const relativeFilePath = path.relative(
             localDirectoryPath,
             absoluteFilePath,
           );
@@ -107,8 +104,6 @@ export class AwsS3Helper {
             ...(this.sse && { ServerSideEncryption: this.sse }),
           };
 
-          objects.push(params.Key!);
-
           const upload = new Upload({
             client: this.s3Client,
             params,
diff --git a/source/modules/acdp/backstage/plugins/acdp-backend/src/utils/validators.ts b/source/modules/acdp/backstage/plugins/acdp-backend/src/utils/validators.ts
index 34ce0362..b3138ba7 100644
--- a/source/modules/acdp/backstage/plugins/acdp-backend/src/utils/validators.ts
+++ b/source/modules/acdp/backstage/plugins/acdp-backend/src/utils/validators.ts
@@ -4,6 +4,7 @@
 import { AcdpBuildAction } from "backstage-plugin-acdp-common";
 import { z } from "zod";
 
+//NOSONAR
 export const startBuildInputSchema = z.object({
   entityRef: z
     .string()
diff --git a/source/modules/acdp/backstage/plugins/acdp-common/package.json b/source/modules/acdp/backstage/plugins/acdp-common/package.json
index 06cd640f..67451d84 100644
--- a/source/modules/acdp/backstage/plugins/acdp-common/package.json
+++ b/source/modules/acdp/backstage/plugins/acdp-common/package.json
@@ -1,7 +1,7 @@
 {
   "name": "backstage-plugin-acdp-common",
   "description": "Common interfaces for ACDP plugins",
-  "version": "1.1.1",
+  "version": "1.1.2",
   "main": "src/index.ts",
   "types": "src/index.ts",
   "license": "Apache-2.0",
diff --git a/source/modules/acdp/backstage/plugins/acdp/package.json b/source/modules/acdp/backstage/plugins/acdp/package.json
index 54e15705..8fc34bbd 100644
--- a/source/modules/acdp/backstage/plugins/acdp/package.json
+++ b/source/modules/acdp/backstage/plugins/acdp/package.json
@@ -1,7 +1,7 @@
 {
   "name": "backstage-plugin-acdp",
   "description": "ACDP plugin for Backstage",
-  "version": "1.1.1",
+  "version": "1.1.2",
   "main": "src/index.ts",
   "types": "src/index.ts",
   "license": "Apache-2.0",
diff --git a/source/modules/acdp/backstage/plugins/acdp/src/components/CodeBuildWidget/TeardownConfirmDialog/TeardownConfirmDialog.tsx b/source/modules/acdp/backstage/plugins/acdp/src/components/CodeBuildWidget/TeardownConfirmDialog/TeardownConfirmDialog.tsx
index b64654a0..0a9acf66 100644
--- a/source/modules/acdp/backstage/plugins/acdp/src/components/CodeBuildWidget/TeardownConfirmDialog/TeardownConfirmDialog.tsx
+++ b/source/modules/acdp/backstage/plugins/acdp/src/components/CodeBuildWidget/TeardownConfirmDialog/TeardownConfirmDialog.tsx
@@ -76,6 +76,7 @@ const Contents = ({
     [alertApi, onConfirm, state],
   );
 
+  //NOSONAR
   const DialogActionsPanel = () => (
     <DialogActions className={classes.dialogActions}>
       <Button onClick={onClose} color="primary">
diff --git a/source/modules/acdp/backstage/plugins/acdp/src/components/CodeBuildWidget/TeardownConfirmDialog/useTeardownConfirmDialogState.ts b/source/modules/acdp/backstage/plugins/acdp/src/components/CodeBuildWidget/TeardownConfirmDialog/useTeardownConfirmDialogState.ts
index 381942fa..0668bb93 100644
--- a/source/modules/acdp/backstage/plugins/acdp/src/components/CodeBuildWidget/TeardownConfirmDialog/useTeardownConfirmDialogState.ts
+++ b/source/modules/acdp/backstage/plugins/acdp/src/components/CodeBuildWidget/TeardownConfirmDialog/useTeardownConfirmDialogState.ts
@@ -48,7 +48,7 @@ export function useTeardownConfirmDialogState(
   // Load the prerequisite data: what entities that are colocated with us, and
   // what location that spawned us
   const prerequisites = useAsync(async () => {
-    //todo: fetch CFN template status here.
+    //future: fetch CFN template status here.
   }, [entity]);
 
   const teardownEntity = useCallback(
diff --git a/source/modules/acdp/backstage/plugins/acdp/src/components/CodeBuildWidget/WidgetContent.tsx b/source/modules/acdp/backstage/plugins/acdp/src/components/CodeBuildWidget/WidgetContent.tsx
index d55c2fd8..787d81a9 100644
--- a/source/modules/acdp/backstage/plugins/acdp/src/components/CodeBuildWidget/WidgetContent.tsx
+++ b/source/modules/acdp/backstage/plugins/acdp/src/components/CodeBuildWidget/WidgetContent.tsx
@@ -79,7 +79,6 @@ export const WidgetContent = (props: WidgetContentProps) => {
       entityRef: entityRef,
       action: AcdpBuildAction.TEARDOWN,
     });
-    //todo: on success, unregister the entity?
   };
 
   return (
diff --git a/source/modules/acdp/backstage/yarn.lock b/source/modules/acdp/backstage/yarn.lock
index d93967c9..f2043f36 100644
--- a/source/modules/acdp/backstage/yarn.lock
+++ b/source/modules/acdp/backstage/yarn.lock
@@ -11211,7 +11211,7 @@ anymatch@^3.0.3, anymatch@~3.1.2:
     picomatch "^2.0.4"
 
 "app@file:packages/app":
-  version "1.1.1"
+  version "1.1.2"
   dependencies:
     "@backstage/app-defaults" "^1.5.0"
     "@backstage/catalog-model" "^1.4.4"
@@ -15708,15 +15708,14 @@ format@^0.2.0:
   resolved "https://registry.npmjs.org/format/-/format-0.2.2.tgz#d6170107e9efdc4ed30c9dc39016df942b5cb58b"
   integrity sha512-wzsgA6WOq+09wrU1tsJ09udeR/YZRaeArL9e1wPbFg3GG2yDnC2ldKpxs4xunpFF9DgqCqOIra3bc1HWrJ37Ww==
 
-formidable@^2.1.2:
-  version "2.1.2"
-  resolved "https://registry.npmjs.org/formidable/-/formidable-2.1.2.tgz#fa973a2bec150e4ce7cac15589d7a25fc30ebd89"
-  integrity sha512-CM3GuJ57US06mlpQ47YcunuUZ9jpm8Vx+P2CGt2j7HpgkKZO/DJYQ0Bobim8G6PFQmK5lOqOOdUXboU+h73A4g==
+formidable@^2.1.2, formidable@^3.2.4:
+  version "3.5.1"
+  resolved "https://registry.npmjs.org/formidable/-/formidable-3.5.1.tgz#9360a23a656f261207868b1484624c4c8d06ee1a"
+  integrity sha512-WJWKelbRHN41m5dumb0/k8TeAx7Id/y3a+Z7QfhxP/htI9Js5zYaEDtG8uMgG0vM0lOlqnmjE99/kfpOYi/0Og==
   dependencies:
     dezalgo "^1.0.4"
     hexoid "^1.0.0"
     once "^1.4.0"
-    qs "^6.11.0"
 
 forwarded@0.2.0:
   version "0.2.0"
@@ -20317,10 +20316,10 @@ mute-stream@^1.0.0, mute-stream@~1.0.0:
   resolved "https://registry.npmjs.org/mute-stream/-/mute-stream-1.0.0.tgz#e31bd9fe62f0aed23520aa4324ea6671531e013e"
   integrity sha512-avsJQhyd+680gKXyG/sQc0nXaC6rBkPOfyHYcFb9+hdkqQkR9bdnkJ0AMZhke0oesPqIO+mFFJ+IdBc7mst4IA==
 
-mysql2@^3.0.0, mysql2@^3.9.4:
-  version "3.9.4"
-  resolved "https://registry.npmjs.org/mysql2/-/mysql2-3.9.4.tgz#0d4f666015f8ed213aa6f2f5e59065eb99d7c3de"
-  integrity sha512-OEESQuwxMza803knC1YSt7NMuc1BrK9j7gZhCSs2WAyxr1vfiI7QLaLOKTh5c9SWGz98qVyQUbK8/WckevNQhg==
+mysql2@^3.0.0, mysql2@^3.9.7:
+  version "3.9.7"
+  resolved "https://registry.npmjs.org/mysql2/-/mysql2-3.9.7.tgz#843755daf65b5ef08afe545fe14b8fb62824741a"
+  integrity sha512-KnJT8vYRcNAZv73uf9zpXqNbvBG7DJrs+1nACsjZP1HMJ1TgXEy8wnNilXAn/5i57JizXKtrUtwDB7HxT9DDpw==
   dependencies:
     denque "^2.1.0"
     generate-function "^2.3.1"
diff --git a/source/modules/cms_alerts/README.md b/source/modules/cms_alerts/README.md
index 4cdf3fcd..80e82364 100644
--- a/source/modules/cms_alerts/README.md
+++ b/source/modules/cms_alerts/README.md
@@ -30,7 +30,7 @@
 
 CMS Alerts is a deployable module within [Connected Mobility Solution on AWS](/README.md) (CMS)
 that enables a notification mechanism for vehicles and modules to send alerts to user via email.
-A User must subscribe to these notification via subscription management API provided in the module, 
+A User must subscribe to these notification via subscription management API provided in the module,
 and modules can send the notification via publish API.
 
 For more information and a detailed deployment guide, visit the
diff --git a/source/modules/cms_api/source/infrastructure/constructs/athena_data_source.py b/source/modules/cms_api/source/infrastructure/constructs/athena_data_source.py
index edb00ec7..f9232825 100644
--- a/source/modules/cms_api/source/infrastructure/constructs/athena_data_source.py
+++ b/source/modules/cms_api/source/infrastructure/constructs/athena_data_source.py
@@ -49,7 +49,7 @@ def __init__(
         report_metrics_enabled: str,
         deployment_uuid: str,
         vpc_construct: VpcConstruct,
-    ) -> None:
+    ) -> None:  # NOSONAR
         super().__init__(scope, construct_id)
 
         self.athena_result_bucket = CMKEncryptedS3Construct(
diff --git a/source/modules/vpc/source/template.yaml b/source/modules/vpc/source/template.yaml
index 2d75260f..7b613ccb 100644
--- a/source/modules/vpc/source/template.yaml
+++ b/source/modules/vpc/source/template.yaml
@@ -1,7 +1,7 @@
 
 
 AWSTemplateFormatVersion: "2010-09-09"
-Description: (SO0241-CMS.23) connected-mobility-solution-on-aws - vpc. Version v1.1.1
+Description: (SO0241-CMS.23) connected-mobility-solution-on-aws - vpc. Version v1.1.2
   This template deploys a VPC, with a pair of public and private subnets spread
   across two Availability Zones. It deploys an internet gateway, with a default
   route on the public subnets. It deploys a pair of NAT gateways (one in each AZ),