diff --git a/changelog.md b/changelog.md
index 6c805c657..6d0552357 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,10 +1,12 @@
 # Changelog
 
-## [`6.18.3.dev0` (unreleased)](https://github.com/kdeldycke/repomatic/compare/v6.18.2...main)
+## [`6.18.4.dev0` (unreleased)](https://github.com/kdeldycke/repomatic/compare/v6.18.3...main)
 
 > [!WARNING]
 > This version is **not released yet** and is under active development.
 
+## [`6.18.3` (2026-05-11)](https://github.com/kdeldycke/repomatic/compare/v6.18.2...v6.18.3)
+
 - Fix `autofix.yaml` `setup-guide` job being skipped on `workflow_dispatch` re-runs. The `if:` condition now allows both `push` and `workflow_dispatch` events instead of `push` only, so manual re-runs from the Actions UI re-evaluate the setup guide and update the issue accordingly.
 - Fix `release.yaml` `publish-pypi` job running against downstream callers and failing PyPI trusted publishing with a `job_workflow_ref` mismatch. The gate now uses `github.repository == 'kdeldycke/repomatic'` (which reflects the caller's repo under `workflow_call`) instead of `github.event_name == 'push'` (which stays `push` in both self-release and downstream contexts), so the upstream-only job is properly skipped when invoked from a downstream caller. Downstream repos publish through their own thin-caller `publish-pypi` job, which inherits the correct OIDC context.
 - Switch the `compile-binaries` job from `--onefile` to `--mode=onefile`, the documented spelling since Nuitka 4.0 (`--onefile` is now hidden but still accepted).
diff --git a/pyproject.toml b/pyproject.toml
index 190591810..814ab95c1 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -5,7 +5,7 @@ requires = [ "uv-build>=0.9" ]
 [project]
 # Docs: https://packaging.python.org/en/latest/guides/writing-pyproject-toml/
 name = "repomatic"
-version = "6.18.3.dev0"
+version = "6.18.4.dev0"
 description = "🏭 Automate repository maintenance, releases, and CI/CD workflows"
 readme = "readme.md"
 keywords = [
@@ -124,7 +124,7 @@ repomatic = "repomatic.__main__:main"
 [project.urls]
 "Changelog" = "https://github.com/kdeldycke/repomatic/blob/main/changelog.md"
 "Documentation" = "https://kdeldycke.github.io/repomatic"
-"Download" = "https://github.com/kdeldycke/repomatic/releases/tag/v6.18.3.dev0"
+"Download" = "https://github.com/kdeldycke/repomatic/releases/tag/v6.18.4.dev0"
 "Funding" = "https://github.com/sponsors/kdeldycke"
 "Homepage" = "https://github.com/kdeldycke/repomatic"
 "Issues" = "https://github.com/kdeldycke/repomatic/issues"
@@ -278,7 +278,7 @@ run.source = [ "repomatic" ]
 report.precision = 2
 
 [tool.bumpversion]
-current_version = "6.18.3.dev0"
+current_version = "6.18.4.dev0"
 allow_dirty = true
 ignore_missing_files = true
 # Parse versions with an optional .devN suffix (PEP 440).
diff --git a/repomatic/__init__.py b/repomatic/__init__.py
index a4e02db3d..478d615c6 100644
--- a/repomatic/__init__.py
+++ b/repomatic/__init__.py
@@ -17,5 +17,5 @@
 
 from __future__ import annotations
 
-__version__ = "6.18.3.dev0"
+__version__ = "6.18.4.dev0"
 __git_tag_sha__ = ""
diff --git a/uv.lock b/uv.lock
index 5b1efbe95..943194c5d 100644
--- a/uv.lock
+++ b/uv.lock
@@ -1704,7 +1704,7 @@ wheels = [
 
 [[package]]
 name = "repomatic"
-version = "6.18.3.dev0"
+version = "6.18.4.dev0"
 source = { editable = "." }
 dependencies = [
     { name = "backports-strenum", marker = "python_full_version < '3.11'" },