Ghost 6.15 was released with a security fix for an XSS vulnerability in the portal. Bad actors are now aware of the vulnerable, but no new Docker image is available to install with the fix. A fix is being worked out here, in a third-party repo: Docker builds fail …

From looking at the Docker Compose file, that’s the way it appears to me.

The last time I looked, the last docker update is at least 7 days ago :( Update: Docker updated 3 hours ago. Update #2: 6.14.0 is the latest version available to Docker Hub still.

You can always build your own images, in my case I use a hardened version available at GitHub - sredevopsorg/ghost-on-kubernetes: Ghost on Kubernetes by SREDevOps.org - Deploy Ghost v6 on Kubernetes (k8s, k3s, etc) with our hardened distroless rootless custom image.

Yeah, it would be nice to have docker hub update a little faster, or have a “nightly” tag or something. I’ve been using that method for the past few years and its always like a week behind. Its nice for if there might be something broken in a specific release so you dont get the bleeding edge but fo…

This is about more than just timeliness, it’s about: Ghost team not testing themselves if the Docker image they are promoting works before a release is made, which can leave self-hosters vulnerable It’s about about security in general. For more than a year, there’s been an alternate, hardened ima…

Understood, but the Ghost Image from Docker is used by Ghost in the official compose.yml file in the official ghost-docker repo, which is recommended to used in the official Docker installation instructions: [image] How To Install Ghost With Docker (preview) - Ghost Developer Docs Previ…

Ghost has their own Docker Hub account and publishes several images, including one that appears to be published through automation, but none of them are for the Ghost software itself: Ghost Discover official Docker images from Ghost. Visit their profile and explore images they maintain…

Looks like the Docker image has been updated to Ghost 6.16.1: ghost - Official Image | Docker Hub Publish by web and email newsletter, with member signups and subscription payments.

Yes, confirmed. I was able to upgrade!

Self-hosters left vulnerable to XSS vuln due to second-class Docker support

Developer help

ngeorger February 1, 2026, 7:37pm 8

BTW, the Ghost image from Docker library is not maintained nor supported by the Ghost team. Just sayin’

Self hosted Ghost is from hell?

Topic		Replies	Views
Self hosted Ghost is from hell? Developer help	23	776	February 5, 2026
Official Docker based ghost from Ghost team itself Ideas 🚧-rejected	3	1303	July 8, 2018
(Docker) Ghost crashes when uploading photos on one machine but not the other Self-hosting	7	327	January 29, 2024
Upgrade fatigue Using Ghost	11	544	June 24, 2023
(Docker) Ghost silently crashes when uploading images Developer help	27	2155	December 22, 2024

Self-hosters left vulnerable to XSS vuln due to second-class Docker support

Related topics