diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d5fbd878..e92c5389 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -46,8 +46,30 @@ jobs: java-version: ${{ matrix.java }} cache: "maven" server-id: ossindex - server-username: OSSINDEX_USERNAME - server-password: OSSINDEX_TOKEN + server-username: ${{ secrets.OSSINDEX_USERNAME }} + server-password: ${{ secrets.OSSINDEX_TOKEN }} + + # TODO: Remove this once OSSIndex CI issue is resolved + - name: Debug Maven settings.xml (redacted) + shell: bash + run: | + set -euo pipefail + SETTINGS="${HOME}/.m2/settings.xml" + if [[ ! -f "$SETTINGS" ]]; then + echo "No Maven settings.xml found at: $SETTINGS" + exit 0 + fi + + echo "Maven settings.xml at: $SETTINGS" + # Redact common sensitive tags + any if present + sed -E \ + -e 's#()()#\1***EMPTY***\2#g; s#()[^<]+()#\1***REDACTED***\2#g' \ + -e 's#()()#\1***EMPTY***\2#g; s#()[^<]+()#\1***REDACTED***\2#g' \ + -e 's#()()#\1***EMPTY***\2#g; s#()[^<]+()#\1***REDACTED***\2#g' \ + -e 's#()()#\1***EMPTY***\2#g; s#()[^<]+()#\1***REDACTED***\2#g' \ + -e 's#()()#\1***EMPTY***\2#g; s#()[^<]+()#\1***REDACTED***\2#g' \ + -e 's#()()#\1***EMPTY***\2#g; s#()[^<]+()#\1***REDACTED***\2#g' \ + "$SETTINGS" - name: Cache SonarQube packages if: ${{ env.DEFAULT_OS == matrix.os && env.DEFAULT_JAVA == matrix.java }} 
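Review bot: The `server-username`/`server-password` lines now receive the secret values themselves, whereas the removed values `OSSINDEX_USERNAME`/`OSSINDEX_TOKEN` look like environment-variable names, which is what setup-java writes into settings.xml as `${env.NAME}` references; if that is the input contract, the new settings.xml will contain `${env.<secret value>}` placeholders that Maven cannot resolve, and the `env:` block dropped in the next hunk was the part that actually supplied those variables. Please confirm the input semantics against the action's documentation before shipping, since this would also defeat the debug step. Independently of that, the debug step prints the credentials file to the CI log and relies on a sed tag allow-list plus GitHub's secret masking to keep it safe; the tag names in the sed expressions are not legible in the hunk as rendered here, so the allow-list cannot be checked from this view. A narrower probe that cannot leak a credential regardless of masking is to list only the server ids, e.g. `grep -o '<id>[^<]*</id>' "$SETTINGS"`, and to keep the `TODO` removal tied to #486 so the step does not outlive the investigation.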
@@ -59,11 +81,13 @@ jobs: - name: Build with Java ${{ matrix.java }} run: | + # TODO: Remove this once OSSIndex CI issue is resolved. + echo "Checking whether the correct Maven settings.xml is used by examination of effective settings:" + mvn -q --batch-mode help:effective-settings -Doutput=effective-settings.xml + grep -n "ossindex" -n effective-settings.xml || true + mvn --batch-mode -T 1C clean org.jacoco:jacoco-maven-plugin:prepare-agent install \ -Djava.version=${{ matrix.java }} - env: - OSSINDEX_USERNAME: ${{ secrets.OSSINDEX_USERNAME }} - OSSINDEX_TOKEN: ${{ secrets.OSSINDEX_TOKEN }} - name: Sonar analysis if: ${{ env.DEFAULT_OS == matrix.os && env.DEFAULT_JAVA == matrix.java && env.SONAR_TOKEN != null }} diff --git a/doc/changes/changes.md b/doc/changes/changes.md index 29790f90..ea267619 100644 --- a/doc/changes/changes.md +++ b/doc/changes/changes.md @@ -1,5 +1,6 @@ # Changes +* [4.2.3](changes_4.2.3.md) * [4.2.2](changes_4.2.2.md) * [4.2.1](changes_4.2.1.md) * [4.2.0](changes_4.2.0.md) diff --git a/doc/changes/changes_4.2.3.md b/doc/changes/changes_4.2.3.md new file mode 100644 index 00000000..e4cd2094 --- /dev/null +++ b/doc/changes/changes_4.2.3.md @@ -0,0 +1,11 @@ +# OpenFastTrace 4.2.3, released 2025-02-?? + +Code name: OSSIndex in CI + +## Summary + +In this release we fixed the OSSIndex vulnerability scanner authentication in our CI. + +## Bugfixes + +* #486: Fixed OSSIndex authentication in CI diff --git a/parent/pom.xml b/parent/pom.xml index c7ee11b7..9b9a495c 100644 --- a/parent/pom.xml +++ b/parent/pom.xml @@ -10,7 +10,7 @@ Free requirement tracking suite https://github.com/itsallcode/openfasttrace - 4.2.2 + 4.2.3 17 6.1.0-M1 6.0.2
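Review bot: `effective-settings.xml` is written into the repository checkout and never deleted, so the resolved server configuration (help:effective-settings masks passwords by default as far as I recall, but leaves usernames, ids and URLs in clear) stays on disk for the remaining steps and any later artifact upload or cache; write it to the runner's scratch area and remove it after the grep, e.g. `-Doutput="$RUNNER_TEMP/effective-settings.xml"` followed by `grep -n "ossindex" "$RUNNER_TEMP/effective-settings.xml" || true` and `rm -f "$RUNNER_TEMP/effective-settings.xml"`. The `grep` line passes `-n` twice, which is harmless but reads like a leftover. Because the `run:` block executes with `bash -e`, a failure of the diagnostic `mvn help:effective-settings` invocation fails the whole build step; if the probe is meant to be best-effort, append `|| true` to it as well. The enclosing `Build with Java` step continues past the hunk.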