diff --git a/.github/workflows/build_and_push_docker_images.yaml b/.github/workflows/build_and_push_docker_images.yaml
index 1ab553840..c02b29292 100644
--- a/.github/workflows/build_and_push_docker_images.yaml
+++ b/.github/workflows/build_and_push_docker_images.yaml
@@ -81,14 +81,6 @@ jobs:
         profile:
           - ${{ inputs.profile }}
           - ${{ inputs.profile }}-elixir
-        registry:
-          - 'docker.io'
-          - 'public.ecr.aws'
-        exclude:
-          - profile: emqx-enterprise
-            registry: 'public.ecr.aws'
-          - profile: emqx-enterprise-elixir
-            registry: 'public.ecr.aws'
 
     steps:
     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -101,14 +93,14 @@ jobs:
 
     - name: Login to hub.docker.com
       uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
-      if: matrix.registry == 'docker.io'
+      if: inputs.publish || github.repository_owner != 'emqx'
       with:
         username: ${{ secrets.DOCKER_HUB_USER }}
         password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
     - name: Login to AWS ECR
       uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
-      if: matrix.registry == 'public.ecr.aws'
+      if: inputs.publish || github.repository_owner != 'emqx'
       with:
         registry: public.ecr.aws
         username: ${{ secrets.AWS_ACCESS_KEY_ID }}
@@ -118,17 +110,54 @@ jobs:
     - name: Build docker image
       env:
         PROFILE: ${{ matrix.profile }}
-        DOCKER_REGISTRY: ${{ matrix.registry }}
+        DOCKER_REGISTRY: 'docker.io,public.ecr.aws'
         DOCKER_ORG: ${{ github.repository_owner }}
         DOCKER_LATEST: ${{ inputs.latest }}
-        DOCKER_PUSH: ${{ inputs.publish == 'true' || inputs.publish || github.repository_owner != 'emqx' }}
+        DOCKER_PUSH: false
         DOCKER_BUILD_NOCACHE: true
         DOCKER_PLATFORMS: linux/amd64,linux/arm64
-        EMQX_RUNNER: 'debian:11-slim'
+        DOCKER_LOAD: true
+        EMQX_RUNNER: 'public.ecr.aws/debian/debian:11-slim@sha256:22cfb3c06a7dd5e18d86123a73405664475b9d9fa209cbedcf4c50a25649cc74'
         EMQX_DOCKERFILE: 'deploy/docker/Dockerfile'
         PKG_VSN: ${{ inputs.version }}
         EMQX_BUILDER_VERSION: ${{ inputs.builder_vsn }}
         EMQX_BUILDER_OTP: ${{ inputs.otp_vsn }}
         EMQX_BUILDER_ELIXIR: ${{ inputs.elixir_vsn }}
+        EMQX_SOURCE_TYPE: tgz
       run: |
         ./build ${PROFILE} docker
+        echo "Built tags:"
+        echo "==========="
+        cat .emqx_docker_image_tags
+        echo "==========="
+        echo "_EMQX_DOCKER_IMAGE_TAG=$(head -n 1 .emqx_docker_image_tags)" >> $GITHUB_ENV
+
+    - name: smoke test
+      timeout-minutes: 1
+      run: |
+        for tag in $(cat .emqx_docker_image_tags); do
+          CID=$(docker run -d -P $tag)
+          HTTP_PORT=$(docker inspect --format='{{(index (index .NetworkSettings.Ports "18083/tcp") 0).HostPort}}' $CID)
+          ./scripts/test/emqx-smoke-test.sh localhost $HTTP_PORT
+          docker rm -f $CID
+        done
+    - name: dashboard tests
+      working-directory: ./scripts/ui-tests
+      timeout-minutes: 5
+      run: |
+        set -eu
+        docker compose up --abort-on-container-exit --exit-code-from selenium
+        docker compose rm -fsv
+    - name: test node_dump
+      run: |
+        CID=$(docker run -d -P $_EMQX_DOCKER_IMAGE_TAG)
+        docker exec -t -u root -w /root $CID bash -c 'apt-get -y update && apt-get -y install net-tools'
+        docker exec -t -u root $CID node_dump
+        docker rm -f $CID
+    - name: push images
+      if: inputs.publish || github.repository_owner != 'emqx'
+      run: |
+        for tag in $(cat .emqx_docker_image_tags); do
+          echo "Pushing tag $tag"
+          docker push $tag
+        done
diff --git a/.github/workflows/build_packages.yaml b/.github/workflows/build_packages.yaml
index 31f39d551..0783af615 100644
--- a/.github/workflows/build_packages.yaml
+++ b/.github/workflows/build_packages.yaml
@@ -221,9 +221,9 @@ jobs:
         set -eu
         cd packages/${{ matrix.profile }}
         # fix the .sha256 file format
-        for var in $(ls | grep emqx | grep -v sha256); do
-          dos2unix $var.sha256
-          echo "$(cat $var.sha256) $var" | sha256sum -c || exit 1
+        for f in *.sha256; do
+          dos2unix $f
+          echo "$(cat $f) ${f%.*}" | sha256sum -c || exit 1
         done
         cd -
     - uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
diff --git a/apps/emqx/include/emqx_release.hrl b/apps/emqx/include/emqx_release.hrl
index d35df9c92..655cd77d9 100644
--- a/apps/emqx/include/emqx_release.hrl
+++ b/apps/emqx/include/emqx_release.hrl
@@ -32,10 +32,10 @@
 %% `apps/emqx/src/bpapi/README.md'
 
 %% Opensource edition
--define(EMQX_RELEASE_CE, "5.5.1").
+-define(EMQX_RELEASE_CE, "5.5.1-rc.3").
 
 %% Enterprise edition
--define(EMQX_RELEASE_EE, "5.5.1").
+-define(EMQX_RELEASE_EE, "5.5.1-rc.3").
 
 %% The HTTP API version
 -define(EMQX_API_VERSION, "5.0").
diff --git a/build b/build
index 4a5e01f7e..731d0f331 100755
--- a/build
+++ b/build
@@ -385,6 +385,16 @@ docker_cleanup() {
     [ -f ./.dockerignore.bak ] && mv ./.dockerignore.bak ./.dockerignore >/dev/null || true
 }
 
+function is_ecr_and_enterprise() {
+  local registry="$1"
+  local profile="$2"
+  if [[ "$registry" == public.ecr.aws* ]] && [[ "$profile" == *enterprise* ]]; then
+    return 0
+  else
+    return 1
+  fi
+}
+
 ## Build the default docker image based on debian 11.
 make_docker() {
     local EMQX_BUILDER_VERSION="${EMQX_BUILDER_VERSION:-5.3-2}"
@@ -450,6 +460,13 @@ make_docker() {
        --tag "${EMQX_IMAGE_TAG}" \
        --pull
     )
+    :> ./.emqx_docker_image_tags
+    for r in "${DOCKER_REGISTRIES[@]}"; do
+        if ! is_ecr_and_enterprise "$r" "$PROFILE"; then
+            DOCKER_BUILDX_ARGS+=(--tag "$r/${EMQX_IMAGE_TAG}")
+            echo "$r/${EMQX_IMAGE_TAG}" >> ./.emqx_docker_image_tags
+        fi
+    done
     if [ "${DOCKER_BUILD_NOCACHE:-false}" = true ]; then
         DOCKER_BUILDX_ARGS+=(--no-cache)
     fi
@@ -457,9 +474,16 @@ make_docker() {
         DOCKER_BUILDX_ARGS+=(--label org.opencontainers.image.elixir.version="${EMQX_BUILDER_ELIXIR}")
     fi
     if [ "${DOCKER_LATEST:-false}" = true ]; then
-        DOCKER_BUILDX_ARGS+=(--tag "${EMQX_BASE_DOCKER_TAG}:latest${SUFFIX}")
-        DOCKER_BUILDX_ARGS+=(--tag "${EMQX_BASE_DOCKER_TAG}:${VSN_MAJOR}.${VSN_MINOR}${SUFFIX}")
-        DOCKER_BUILDX_ARGS+=(--tag "${EMQX_BASE_DOCKER_TAG}:${VSN_MAJOR}.${VSN_MINOR}.${VSN_PATCH}${SUFFIX}")
+        for r in "${DOCKER_REGISTRIES[@]}"; do
+            if ! is_ecr_and_enterprise "$r" "$PROFILE"; then
+                DOCKER_BUILDX_ARGS+=(--tag "$r/${EMQX_BASE_DOCKER_TAG}:latest${SUFFIX}")
+                echo "$r/${EMQX_BASE_DOCKER_TAG}:latest${SUFFIX}" >> ./.emqx_docker_image_tags
+                DOCKER_BUILDX_ARGS+=(--tag "$r/${EMQX_BASE_DOCKER_TAG}:${VSN_MAJOR}.${VSN_MINOR}${SUFFIX}")
+                echo "$r/${EMQX_BASE_DOCKER_TAG}:${VSN_MAJOR}.${VSN_MINOR}${SUFFIX}" >> ./.emqx_docker_image_tags
+                DOCKER_BUILDX_ARGS+=(--tag "$r/${EMQX_BASE_DOCKER_TAG}:${VSN_MAJOR}.${VSN_MINOR}.${VSN_PATCH}${SUFFIX}")
+                echo "$r/${EMQX_BASE_DOCKER_TAG}:${VSN_MAJOR}.${VSN_MINOR}.${VSN_PATCH}${SUFFIX}" >> ./.emqx_docker_image_tags
+            fi
+        done
     fi
     if [ "${DOCKER_PLATFORMS:-default}" != 'default' ]; then
         DOCKER_BUILDX_ARGS+=(--platform "${DOCKER_PLATFORMS}")
diff --git a/changes/e5.5.1.en.md b/changes/e5.5.1.en.md
index 0c705b9a7..8077160d2 100644
--- a/changes/e5.5.1.en.md
+++ b/changes/e5.5.1.en.md
@@ -8,8 +8,6 @@
 
 - [#12471](https://github.com/emqx/emqx/pull/12471) Fixed an issue that data integration configurations failed to load correctly during upgrades from EMQX version 5.0.2 to newer releases.
 
-- [#12542](https://github.com/emqx/emqx/pull/12542) Redacted authorization headers to exclude basic authorization credentials from debug logs in the HTTP Server connector, mitigating potential security risks.
-
 - [#12598](https://github.com/emqx/emqx/pull/12598) Fixed an issue that users were unable to subscribe to or unsubscribe from shared topic filters via HTTP API.
 
   The affected APIs include:
@@ -26,7 +24,7 @@
 
 - [#12620](https://github.com/emqx/emqx/pull/12620) Fixed an issue when sensitive headers for HTTP connector may be printed in the `debug` level log.
 
-- [#12632](https://github.com/emqx/emqx/pull/12632) Fix an issue when rule engine SQL built-in function `date_to_unix_ts` produced incorrect results for dates starting from 1st of March on leap years.
+- [#12632](https://github.com/emqx/emqx/pull/12632) Fixed an issue where the rule engine's SQL built-in function `date_to_unix_ts` produced incorrect results for dates starting from March 1st on leap years.
 
 - [#12608](https://github.com/emqx/emqx/pull/12608) Fixed a `function_clause` error in the IoTDB action caused by the absence of a `payload` field in query data.
 
diff --git a/changes/v5.5.1.en.md b/changes/v5.5.1.en.md
index 517b88971..d25349ccd 100644
--- a/changes/v5.5.1.en.md
+++ b/changes/v5.5.1.en.md
@@ -4,8 +4,6 @@
 
 - [#12471](https://github.com/emqx/emqx/pull/12471) Fixed an issue that data integration configurations failed to load correctly during upgrades from EMQX version 5.0.2 to newer releases.
 
-- [#12542](https://github.com/emqx/emqx/pull/12542) Redacted authorization headers to exclude basic authorization credentials from debug logs in the HTTP Server connector, mitigating potential security risks.
-
 - [#12598](https://github.com/emqx/emqx/pull/12598) Fixed an issue that users were unable to subscribe to or unsubscribe from shared topic filters via HTTP API.
 
   The affected APIs include:
@@ -22,4 +20,5 @@
 
 - [#12620](https://github.com/emqx/emqx/pull/12620) Fixed an issue when sensitive headers for HTTP connector may be printed in the `debug` level log.
 
-- [#12632](https://github.com/emqx/emqx/pull/12632) Fix an issue when rule engine SQL built-in function `date_to_unix_ts` produced incorrect results for dates starting from 1st of March on leap years.
+- [#12632](https://github.com/emqx/emqx/pull/12632) Fixed an issue where the rule engine's SQL built-in function `date_to_unix_ts` produced incorrect results for dates starting from March 1st on leap years.
+
diff --git a/deploy/charts/emqx-enterprise/Chart.yaml b/deploy/charts/emqx-enterprise/Chart.yaml
index 014a37fd6..e75a8d346 100644
--- a/deploy/charts/emqx-enterprise/Chart.yaml
+++ b/deploy/charts/emqx-enterprise/Chart.yaml
@@ -14,8 +14,8 @@ type: application
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 5.5.1
+version: 5.5.1-rc.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 5.5.1
+appVersion: 5.5.1-rc.3
diff --git a/deploy/charts/emqx/Chart.yaml b/deploy/charts/emqx/Chart.yaml
index 8b60276ed..7c33555f1 100644
--- a/deploy/charts/emqx/Chart.yaml
+++ b/deploy/charts/emqx/Chart.yaml
@@ -14,8 +14,8 @@ type: application
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 5.5.1
+version: 5.5.1-rc.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: 5.5.1
+appVersion: 5.5.1-rc.3