diff --git a/Dockerfile-15 b/Dockerfile-15
index fd95b0ed8f..aec6e83649 100644
--- a/Dockerfile-15
+++ b/Dockerfile-15
@@ -4,7 +4,7 @@
 ####################
 # Stage 1: Nix builder
 ####################
-FROM alpine:3.21 AS nix-builder
+FROM alpine:3.23 AS nix-builder
 
 # Install dependencies for nix installer (coreutils for GNU cp, sudo for installer)
 RUN apk add --no-cache \
@@ -48,27 +48,28 @@ RUN nix store gc
 ####################
 # Stage 2: Gosu builder
 ####################
-FROM alpine:3.21 AS gosu-builder
+FROM alpine:3.23 AS gosu-builder
 
 ARG TARGETARCH
-ARG GOSU_VERSION=1.16
-
-RUN apk add --no-cache gnupg curl
-
-# Download and verify gosu
-RUN curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}" -o /usr/local/bin/gosu && \
-    curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}.asc" -o /usr/local/bin/gosu.asc && \
-    GNUPGHOME="$(mktemp -d)" && \
-    export GNUPGHOME && \
-    gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \
-    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
-    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc && \
+ARG GOSU_VERSION=1.19
+ARG GO_VERSION=1.26.1
+
+RUN apk add --no-cache curl git
+
+# Install Go
+RUN curl -fsSL "https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz" | tar -C /usr/local -xz
+ENV PATH="/usr/local/go/bin:${PATH}"
+
+# Build gosu from source
+RUN git clone --depth 1 --branch "${GOSU_VERSION}" https://github.com/tianon/gosu.git /gosu && \
+    cd /gosu && \
+    CGO_ENABLED=0 go build -ldflags="-s -w" -o /usr/local/bin/gosu . && \
     chmod +x /usr/local/bin/gosu
 
 ####################
 # Stage 3: Final production image
 ####################
-FROM alpine:3.21 AS production
+FROM alpine:3.23 AS production
 
 # Install minimal runtime dependencies
 RUN apk add --no-cache \
@@ -154,7 +155,7 @@ COPY ansible/files/stat_extension.sql /docker-entrypoint-initdb.d/migrations/00-
 
 # Add entrypoint script
 ADD --chmod=0755 \
-    https://github.com/docker-library/postgres/raw/889f9447cd2dfe21cccfbe9bb7945e3b037e02d8/15/bullseye/docker-entrypoint.sh \
+    https://raw.githubusercontent.com/docker-library/postgres/6edb0a8c4def40c371514b34aef9037ec82d9110/15/alpine3.23/docker-entrypoint.sh \
     /usr/local/bin/docker-entrypoint.sh
 
 # Setup pgsodium key script
diff --git a/Dockerfile-17 b/Dockerfile-17
index ca79d66003..121d0557a2 100644
--- a/Dockerfile-17
+++ b/Dockerfile-17
@@ -4,7 +4,7 @@
 ####################
 # Stage 1: Nix builder
 ####################
-FROM alpine:3.21 AS nix-builder
+FROM alpine:3.23 AS nix-builder
 
 # Install dependencies for nix installer (coreutils for GNU cp, sudo for installer)
 RUN apk add --no-cache \
@@ -49,27 +49,28 @@ RUN nix store gc
 ####################
 # Stage 2: Gosu builder
 ####################
-FROM alpine:3.21 AS gosu-builder
+FROM alpine:3.23 AS gosu-builder
 
 ARG TARGETARCH
-ARG GOSU_VERSION=1.16
-
-RUN apk add --no-cache gnupg curl
-
-# Download and verify gosu
-RUN curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}" -o /usr/local/bin/gosu && \
-    curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}.asc" -o /usr/local/bin/gosu.asc && \
-    GNUPGHOME="$(mktemp -d)" && \
-    export GNUPGHOME && \
-    gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \
-    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
-    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc && \
+ARG GOSU_VERSION=1.19
+ARG GO_VERSION=1.26.1
+
+RUN apk add --no-cache curl git
+
+# Install Go
+RUN curl -fsSL "https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz" | tar -C /usr/local -xz
+ENV PATH="/usr/local/go/bin:${PATH}"
+
+# Build gosu from source
+RUN git clone --depth 1 --branch "${GOSU_VERSION}" https://github.com/tianon/gosu.git /gosu && \
+    cd /gosu && \
+    CGO_ENABLED=0 go build -ldflags="-s -w" -o /usr/local/bin/gosu . && \
     chmod +x /usr/local/bin/gosu
 
 ####################
 # Stage 3: Final production image
 ####################
-FROM alpine:3.21 AS production
+FROM alpine:3.23 AS production
 
 # Install minimal runtime dependencies
 RUN apk add --no-cache \
@@ -160,7 +161,7 @@ COPY ansible/files/stat_extension.sql /docker-entrypoint-initdb.d/migrations/00-
 
 # Add entrypoint script
 ADD --chmod=0755 \
-    https://github.com/docker-library/postgres/raw/889f9447cd2dfe21cccfbe9bb7945e3b037e02d8/17/bullseye/docker-entrypoint.sh \
+    https://raw.githubusercontent.com/docker-library/postgres/6edb0a8c4def40c371514b34aef9037ec82d9110/17/alpine3.23/docker-entrypoint.sh \
     /usr/local/bin/docker-entrypoint.sh
 
 # Setup pgsodium key script
diff --git a/Dockerfile-kubernetes b/Dockerfile-kubernetes
index e27ec2ce78..f7af10d248 100644
--- a/Dockerfile-kubernetes
+++ b/Dockerfile-kubernetes
@@ -1,4 +1,4 @@
-FROM alpine:3.22
+FROM alpine:3.23
 
 ADD ./output-cloudimg/packer-cloudimg /disk/image.qcow2
 
diff --git a/Dockerfile-multigres b/Dockerfile-multigres
index a6bf59cee9..0c307d23e0 100644
--- a/Dockerfile-multigres
+++ b/Dockerfile-multigres
@@ -8,7 +8,7 @@
 ####################
 # Stage 0: Nix base — shared Alpine + Nix setup for all builders
 ####################
-FROM alpine:3.21 AS nix-base
+FROM alpine:3.23 AS nix-base
 
 RUN apk add --no-cache \
     bash \
@@ -68,27 +68,29 @@ RUN nix store gc
 ####################
 # Stage 2: Gosu builder
 ####################
-FROM alpine:3.21 AS gosu-builder
+FROM alpine:3.23 AS gosu-builder
 
 ARG TARGETARCH
-ARG GOSU_VERSION=1.16
+ARG GOSU_VERSION=1.19
+ARG GO_VERSION=1.26.1
 
-RUN apk add --no-cache gnupg curl
+RUN apk add --no-cache curl git
 
-RUN curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}" -o /usr/local/bin/gosu && \
-    curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}.asc" -o /usr/local/bin/gosu.asc && \
-    GNUPGHOME="$(mktemp -d)" && \
-    export GNUPGHOME && \
-    gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \
-    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
-    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc && \
+# Install Go
+RUN curl -fsSL "https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz" | tar -C /usr/local -xz
+ENV PATH="/usr/local/go/bin:${PATH}"
+
+# Build gosu from source
+RUN git clone --depth 1 --branch "${GOSU_VERSION}" https://github.com/tianon/gosu.git /gosu && \
+    cd /gosu && \
+    CGO_ENABLED=0 go build -ldflags="-s -w" -o /usr/local/bin/gosu . && \
     chmod +x /usr/local/bin/gosu
 
 ####################
 # Stage 3: Shared base — runtime Alpine + config + migrations
 # Both variants inherit from this stage. No /nix dependency here.
 ####################
-FROM alpine:3.21 AS base
+FROM alpine:3.23 AS base
 
 RUN apk add --no-cache \
     bash \
diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17
index 2b0f8e9fd4..3cf7a533bd 100644
--- a/Dockerfile-orioledb-17
+++ b/Dockerfile-orioledb-17
@@ -4,7 +4,7 @@
 ####################
 # Stage 1: Nix builder
 ####################
-FROM alpine:3.21 AS nix-builder
+FROM alpine:3.23 AS nix-builder
 
 # Install dependencies for nix installer (coreutils for GNU cp, sudo for installer)
 RUN apk add --no-cache \
@@ -49,27 +49,28 @@ RUN nix store gc
 ####################
 # Stage 2: Gosu builder
 ####################
-FROM alpine:3.21 AS gosu-builder
+FROM alpine:3.23 AS gosu-builder
 
 ARG TARGETARCH
-ARG GOSU_VERSION=1.16
-
-RUN apk add --no-cache gnupg curl
-
-# Download and verify gosu
-RUN curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}" -o /usr/local/bin/gosu && \
-    curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}.asc" -o /usr/local/bin/gosu.asc && \
-    GNUPGHOME="$(mktemp -d)" && \
-    export GNUPGHOME && \
-    gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \
-    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
-    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc && \
+ARG GOSU_VERSION=1.19
+ARG GO_VERSION=1.26.1
+
+RUN apk add --no-cache curl git
+
+# Install Go
+RUN curl -fsSL "https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz" | tar -C /usr/local -xz
+ENV PATH="/usr/local/go/bin:${PATH}"
+
+# Build gosu from source
+RUN git clone --depth 1 --branch "${GOSU_VERSION}" https://github.com/tianon/gosu.git /gosu && \
+    cd /gosu && \
+    CGO_ENABLED=0 go build -ldflags="-s -w" -o /usr/local/bin/gosu . && \
     chmod +x /usr/local/bin/gosu
 
 ####################
 # Stage 3: Final production image
 ####################
-FROM alpine:3.21 AS production
+FROM alpine:3.23 AS production
 
 # Install minimal runtime dependencies
 RUN apk add --no-cache \
@@ -168,7 +169,7 @@ RUN echo "CREATE EXTENSION orioledb;" > /docker-entrypoint-initdb.d/init-scripts
 
 # Add entrypoint script
 ADD --chmod=0755 \
-    https://github.com/docker-library/postgres/raw/889f9447cd2dfe21cccfbe9bb7945e3b037e02d8/17/bullseye/docker-entrypoint.sh \
+    https://raw.githubusercontent.com/docker-library/postgres/6edb0a8c4def40c371514b34aef9037ec82d9110/17/alpine3.23/docker-entrypoint.sh \
     /usr/local/bin/docker-entrypoint.sh
 
 # Setup pgsodium key script
diff --git a/ansible/vars.yml b/ansible/vars.yml
index 43333bace2..22dc06b011 100644
--- a/ansible/vars.yml
+++ b/ansible/vars.yml
@@ -10,9 +10,9 @@ postgres_major:
 
 # Full version strings for each major version
 postgres_release:
-  postgresorioledb-17: "17.6.0.057-orioledb"
-  postgres17: "17.6.1.100"
-  postgres15: "15.14.1.100"
+  postgresorioledb-17: "17.6.0.058-orioledb"
+  postgres17: "17.6.1.101"
+  postgres15: "15.14.1.101"
 
 # Non Postgres Extensions
 pgbouncer_release: 1.25.1