diff --git a/HOTFIX b/HOTFIX
index e4a42e6ac..644f9e9ee 100644
--- a/HOTFIX
+++ b/HOTFIX
@@ -1 +1 @@
-04012022 04052022
+04012022 04052022 04072022
diff --git a/VERIFY_ISO.md b/VERIFY_ISO.md
index 13999abee..c8e0158f9 100644
--- a/VERIFY_ISO.md
+++ b/VERIFY_ISO.md
@@ -1,18 +1,18 @@
-### 2.3.110-20220405 ISO image built on 2022/04/05
+### 2.3.110-20220407 ISO image built on 2022/04/07
 
 
 
 ### Download and Verify
 
-2.3.110-20220405 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.110-20220405.iso
+2.3.110-20220407 ISO image:  
+https://download.securityonion.net/file/securityonion/securityonion-2.3.110-20220407.iso
 
-MD5: 9CE982FE45DC2957A3A6D376E6DCC048  
-SHA1: 10E3FF28A69F9617D4CCD2F5061AA2DC062B8F94  
-SHA256: 0C178A422ABF7B61C08728E32CE20A9F9C1EC65807EB67D06F1C23F7D1EA51A7 
+MD5: 928D589709731EFE9942CA134A6F4C6B  
+SHA1: CA588A684586CC0D5BDE5E0E41C935FFB939B6C7  
+SHA256: CBF8743838AF2C7323E629FB6B28D5DD00AE6658B0E29E4D0916411D2D526BD2 
 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.110-20220405.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.110-20220407.iso.sig
 
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.110-20220405.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.110-20220407.iso.sig
 ```
 
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.110-20220405.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.110-20220407.iso
 ```
 
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.110-20220405.iso.sig securityonion-2.3.110-20220405.iso
+gpg --verify securityonion-2.3.110-20220407.iso.sig securityonion-2.3.110-20220407.iso
 ```
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Tue 05 Apr 2022 06:37:40 PM EDT using RSA key ID FE507013
+gpg: Signature made Thu 07 Apr 2022 03:30:03 PM EDT using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.
diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 8a6132898..7181b1b9e 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -946,6 +946,7 @@ update_repo() {
       exit 1
     fi
 
+    rm -f /etc/apt/sources.list.d/salt.list
     echo "deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/$ubuntu_version/amd64/salt $OSVER main" > /etc/apt/sources.list.d/saltstack.list
     apt-get update
   fi
@@ -1094,6 +1095,12 @@ main() {
   upgrade_check_salt
   set -e
 
+  if [[ $is_airgap -eq 0 ]]; then
+    update_centos_repo
+    yum clean all
+    check_os_updates
+  fi
+
   if [ "$is_hotfix" == "true" ]; then
     echo "Applying $HOTFIXVERSION hotfix"
     copy_new_files
@@ -1115,9 +1122,6 @@ main() {
     echo "Updating dockers to $NEWVERSION."
     if [[ $is_airgap -eq 0 ]]; then
       airgap_update_dockers
-      update_centos_repo
-      yum clean all
-      check_os_updates
     # if not airgap but -f was used
     elif [[ ! -z "$ISOLOC" ]]; then
       airgap_update_dockers
diff --git a/salt/repo/client/ubuntu.sls b/salt/repo/client/ubuntu.sls
index efc06b24a..301bdabae 100644
--- a/salt/repo/client/ubuntu.sls
+++ b/salt/repo/client/ubuntu.sls
@@ -1,5 +1,20 @@
+# this removes the repo file left by bootstrap-salt.sh without -r
+remove_salt.list:
+  file.absent:
+    - name: /etc/apt/sources.list.d/salt.list
+
 saltstack.list:
   file.managed:
     - name: /etc/apt/sources.list.d/saltstack.list
     - contents:
       - deb https://repo.securityonion.net/file/securityonion-repo/ubuntu/{{grains.osrelease}}/amd64/salt/ {{grains.oscodename}} main
+
+apt_update:
+  cmd.run:
+    - name: apt-get update
+    - onchanges:
+      - file: saltstack.list
+    - timeout: 30
+    - retry:
+        attempts: 5
+        interval: 30
diff --git a/sigs/securityonion-2.3.110-20220407.iso.sig b/sigs/securityonion-2.3.110-20220407.iso.sig
new file mode 100644
index 000000000..2ea694428
Binary files /dev/null and b/sigs/securityonion-2.3.110-20220407.iso.sig differ