diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 36c38f12..fc24763b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -25,7 +25,7 @@ jobs:
   test:
     runs-on:
       - codebuild-defguard-proxy-runner-${{ github.run_id }}-${{ github.run_attempt }}
-    container: rust:1
+    container: public.ecr.aws/docker/library/rust:1
 
     steps:
       - name: Debug
@@ -47,6 +47,8 @@ jobs:
           rustup component add clippy
           cargo clippy --all-targets --all-features -- -D warnings
       - name: Run cargo deny
-        uses: EmbarkStudios/cargo-deny-action@v2
+        run: |
+          cargo install cargo-deny
+          cargo deny check
       - name: Run tests
         run: cargo test --locked --no-fail-fast
diff --git a/Cargo.lock b/Cargo.lock
index e03a895c..9407d6ae 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -597,7 +597,7 @@ dependencies = [
 [[package]]
 name = "defguard_version"
 version = "0.0.0"
-source = "git+https://github.com/DefGuard/defguard.git?rev=f61ce40927a4d21095ea53a691219d5ae46e3e4e#f61ce40927a4d21095ea53a691219d5ae46e3e4e"
+source = "git+https://github.com/DefGuard/defguard.git?rev=a5709e7117103458ad8417d4437a8a369ca5bbce#a5709e7117103458ad8417d4437a8a369ca5bbce"
 dependencies = [
  "http",
  "os_info",
diff --git a/Cargo.toml b/Cargo.toml
index 0c1ffebd..4620329d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -7,7 +7,7 @@ homepage = "https://github.com/DefGuard/proxy"
 repository = "https://github.com/DefGuard/proxy"
 
 [dependencies]
-defguard_version = { git = "https://github.com/DefGuard/defguard.git", rev = "f61ce40927a4d21095ea53a691219d5ae46e3e4e" }
+defguard_version = { git = "https://github.com/DefGuard/defguard.git", rev = "a5709e7117103458ad8417d4437a8a369ca5bbce" }
 # base `axum` deps
 axum = { version = "0.7", features = ["macros", "tracing", "ws"] }
 axum-client-ip = "0.6"
diff --git a/src/grpc.rs b/src/grpc.rs
index 40450e16..f69a724a 100644
--- a/src/grpc.rs
+++ b/src/grpc.rs
@@ -11,7 +11,7 @@ use tokio_stream::wrappers::UnboundedReceiverStream;
 use tonic::{Request, Response, Status, Streaming};
 use tracing::Instrument;
 
-use defguard_version::{version_info_from_metadata, DefguardComponent};
+use defguard_version::{get_tracing_variables, parse_metadata, DefguardComponent};
 
 use crate::{
     error::ApiError,
@@ -100,9 +100,11 @@ impl proxy_server::Proxy for ProxyServer {
             error!("Failed to determine client address for request: {request:?}");
             return Err(Status::internal("Failed to determine client address"));
         };
-        let (version, info) = version_info_from_metadata(request.metadata());
+        let maybe_info = parse_metadata(request.metadata());
+        let (version, info) = get_tracing_variables(&maybe_info);
         let span = tracing::info_span!("core_bidi_stream", component = %DefguardComponent::Core, version, info);
         let _guard = span.enter();
+
         info!("Defguard Core gRPC client connected from: {address}");
 
         let (tx, rx) = mpsc::unbounded_channel();
diff --git a/src/http.rs b/src/http.rs
index 87d30fe1..05870c79 100644
--- a/src/http.rs
+++ b/src/http.rs
@@ -16,7 +16,10 @@ use axum::{
 };
 use axum_extra::extract::cookie::Key;
 use clap::crate_version;
-use defguard_version::{server::DefguardVersionLayer, Version};
+use defguard_version::{
+    server::{DefguardVersionInterceptor, DefguardVersionLayer},
+    DefguardComponent, Version,
+};
 use serde::Serialize;
 use tokio::{net::TcpListener, sync::oneshot, task::JoinSet};
 use tonic::transport::{Identity, Server, ServerTlsConfig};
@@ -36,7 +39,7 @@ use crate::{
     grpc::ProxyServer,
     handlers::{desktop_client_mfa, enrollment, password_reset, polling},
     proto::proxy_server,
-    VERSION,
+    MIN_CORE_VERSION, VERSION,
 };
 
 pub(crate) static ENROLLMENT_COOKIE_NAME: &str = "defguard_proxy";
@@ -169,8 +172,17 @@ pub async fn run_server(config: Config) -> anyhow::Result<()> {
         } else {
             Server::builder()
         };
+        let own_version = Version::parse(VERSION)?;
         let versioned_service = ServiceBuilder::new()
-            .layer(DefguardVersionLayer::new(Version::parse(VERSION)?))
+            .layer(tonic::service::InterceptorLayer::new(
+                DefguardVersionInterceptor::new(
+                    own_version.clone(),
+                    DefguardComponent::Core,
+                    MIN_CORE_VERSION,
+                    false,
+                ),
+            ))
+            .layer(DefguardVersionLayer::new(own_version))
             .service(proxy_server::ProxyServer::new(grpc_server));
         builder
             .add_service(versioned_service)
diff --git a/src/lib.rs b/src/lib.rs
index 73847794..e4ccce8d 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,3 +1,5 @@
+use defguard_version::Version;
+
 pub mod assets;
 pub mod config;
 mod enterprise;
@@ -14,4 +16,5 @@ pub(crate) mod proto {
 #[macro_use]
 extern crate tracing;
 
-pub static VERSION: &str = concat!(env!("CARGO_PKG_VERSION"), "-", env!("VERGEN_GIT_SHA"));
+pub static VERSION: &str = concat!(env!("CARGO_PKG_VERSION"), "+", env!("VERGEN_GIT_SHA"));
+pub const MIN_CORE_VERSION: Version = Version::new(1, 5, 0);