Ghost 6.15 was released with a security fix for an XSS vulnerability in the portal. Bad actors are now aware of the vulnerable, but no new Docker image is available to install with the fix. A fix is being worked out here, in a third-party repo: Docker builds fail …

Self-hosters left vulnerable to XSS vuln due to second-class Docker support

markstos January 31, 2026, 7:19pm 3

From looking at the Docker Compose file, that’s the way it appears to me.

Topic		Replies	Views
Self hosted Ghost is from hell? Developer help	23	748	February 5, 2026
Official Docker based ghost from Ghost team itself Ideas 🚧-rejected	3	1300	July 8, 2018
(Docker) Ghost crashes when uploading photos on one machine but not the other Self-hosting	7	326	January 29, 2024
Upgrade fatigue Using Ghost	11	543	June 24, 2023
(Docker) Ghost silently crashes when uploading images Developer help	27	2147	December 22, 2024