- Pin Miniflux to 2.2.19, Gitea to 1.25 (from :latest)
- Add security headers (X-Content-Type-Options, X-Frame-Options,
Referrer-Policy, Permissions-Policy) to all Caddy sites
- Add Docker JSON log rotation (10m x 3 files) to all containers
- Add SHA256 checksum verification for GoatCounter binary download
- Install and configure unattended-upgrades for security patches
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ab050fddd7