Ghost 6.15 was released with a security fix for an XSS vulnerability in the portal. Bad actors are now aware of the vulnerable, but no new Docker image is available to install with the fix. A fix is being worked out here, in a third-party repo: Docker builds fail …

Self-hosters left vulnerable to XSS vuln due to second-class Docker support

markstos January 31, 2026, 7:19pm 3

From looking at the Docker Compose file, that’s the way it appears to me.

Topic		Replies	Views
Official Docker based ghost from Ghost team itself Ideas 🚧-rejected	3	1294	July 8, 2018
Docker release not published for v5.118.0 Using Ghost	1	44	April 21, 2025
Docker Nightly Image? Contributing to Ghost	2	175	December 2, 2024
Breaking docker images Developer help	3	488	April 9, 2019
Sharing Docker images of local Ghost blog for collaboration Self-hosting	0	519	December 1, 2022