Finsys Release Notes
Last updated: Apr 4, 2026
Finsys Products
All Finsys Release Notes (15)
- Apr 3, 2026
- Date parsed from source:Apr 3, 2026
- First seen by Releasebot:Apr 4, 2026
v1.0.23
Dockhand adds a theme toggle with System mode, per-container custom shell sessions, and new redeploy and force-redeploy options for internal and Git stacks. It also fixes hostname validation, Git SSL cert handling, stack sync data loss, and several scanner and registry issues.
New
- Added a theme toggle with a System option that automatically follows the OS light/dark preference. (#803)
- Added a custom shell option for terminal sessions, persisted per container. (#830)
- Added a Redeploy button for internal stacks with pull, build, and force-recreate options. (#152)
- Added build, image re-pull, and force redeployment options for Git stacks. (#792, #472)
Fixes
- Fixed hostname validation to allow underscores. (#790)
- Fixed cloning and pulling from HTTPS Git repositories with self-signed CA certificates. (#842)
- Fixed stack restarts for containers using network_mode: service: by adding a recreate option. (#844)
- Fixed Git stack sync deleting data in relative volume paths. (#831)
- Fixed batch update skipping Hawser containers. (#485)
- Fixed registry deletion for multi-arch and OCI manifest images.
- Fixed scanner cache cleanup to prevent volume bloat. (#808)
- Fixed Docker API version negotiation for scanner and updater sidecar containers. (#759)
- Fixed vulnerability scan counts not matching the displayed list. (#705)
Docker image
docker pull fnsys/dockhand:v1.0.23
Also available as fnsys/dockhand:latest
View on Docker Hub
Original source Report a problem - Apr 3, 2026
- Date parsed from source:Apr 3, 2026
- First seen by Releasebot:Apr 4, 2026
v1.0.24
Dockhand fixes HTTP registry browsing SSL errors and preserves git stack deploy options in the edit dialog.
What's new in v1.0.24
- š browsing HTTP registries fails with SSL error (#868)
- š git stack deploy options (build, re-pull, force redeploy) not persisted in edit dialog
Docker image
docker pull fnsys/dockhand:v1.0.24Also available as fnsys/dockhand:latest
View on Docker Hub
Original source Report a problem All of your release notes in one feed
Join Releasebot and get updates from Finsys and hundreds of other software products.
- Apr 3, 2026
- Date parsed from source:Apr 3, 2026
- First seen by Releasebot:Apr 3, 2026
- Mar 21, 2026
- Date parsed from source:Mar 21, 2026
- First seen by Releasebot:Mar 22, 2026
v1.0.22
Dockhand releases v1.0.22 with a refreshed dashboard list view, custom environment icons, multi-IP container indicators, bundled local fonts, and several fixes including pinned Trivy and Grype scanner images for safer scans.
THIS IS IMPORTANT RELEASE
On March 19, 2026, attackers compromised the official Trivy vulnerability scanner.
They force-pushed 75 out of 76 version tags in the GitHub Action repository (aquasecurity/trivy-action) to inject a credential-stealing payload executed during GitHub Actions builds.
During this time, release v0.69.4 was also published. From public GitHub data: v0.69.4 tag was created, then deleted by a Trivy maintainer hours later. Exposure window: 2026-03-19 18:22 ā ~21:42 CET.
The full technical analysis is available at https://www.abgeo.dev/blog/trivy-github-actions-compromised-full-payload-analysis/.
How does this affect Dockhand?
Dockhand does not use the compromised GitHub Action, but runs Trivy as a an Docker container (aquasec/trivy) with the following setup:
- The container receives the Docker socket (to access images for scanning) and it's own cache volume (for the vulnerability database)
- No host filesystem paths are mounted into the scanner container
- No Dockhand environment variables or credentials are passed to the scanner container
- The container runs a single scan command and exits
The attack targeted the GitHub Action repository. There is no confirmation whether the Docker Hub container images (aquasec/trivy) were also affected.
If you ran vulnerability scans using Dockhand before version 1.0.22 during or after March 19, and the scanner image was not cached locally, the scanner may have pulled aquasec/trivy:latest, which could have pointed to a compromised image.
Starting with Dockhand 1.0.22, scanner images are pinned to verified versions (aquasec/trivy:0.69.3) and are configurable in Settings > General.
Recommended action: Upgrade Dockhand to 1.0.22 immediately if you haven't already.
We will update you if new information emerges about the Docker Hub images.
references:
https://github.com/aquasecurity/trivy/discussions/10425
https://www.abgeo.dev/blog/trivy-github-actions-compromised-full-payload-analysis/
[UPDATE]
CrowdStrike has confirmed that the Docker container image aquasec/trivy:0.69.4 was also compromised ā not just the GitHub Action.
What the payload does:
The compromised Trivy binary drops a script to ~/.config/sysmon.py which sleeps for 5 minutes, then contacts a command-and-control server every 50 minutes. It acts as a stage-1 loader for further payloads.
Why Dockhand is likely unaffected:
Dockhand runs the Trivy Docker container (isolated from a host) for a single scan and exits ā typically under 30 seconds - 1 minute.
The malicious payload requires a 5-minute sleep before it activates. Since the container is destroyed when the scan completes, the payload never had time to execute.
Additionally:
- No host filesystem paths are mounted into the scanner container
- No Dockhand environment variables or credentials are passed to it
- CrowdStrike's analysis describes a C2 loader ā no Docker socket exploitation was observed
What's new in v1.0.22
āØ dashboard list view with inline search and connection filters (#740)
āØ custom environment icon (#754)
āØ show +N indicator for containers with multiple IP addresses (#644)
āØ bundle all fonts locally for privacy and offline use (#734)
š respect PROXY settings when checking for container updates
š git stacks force-redeploy after a failed sync (#693)
š What's New modal shown before login, exposing version info (#717)
š git repository files not removed from disk on delete (#671)
š recursive chown at startup breaks stack volumes with different ownership (#719)
š missing notification event toggles for container healthy, image prune events (#659)
š container disappears when edit fails (e.g. invalid memory/swap) (#736)
š regression: network container count always shows 0 (#761)
š Grype/Trivy scan containers don't inherit proxy env vars (#780)
š pin vulnerability scanner images to specific versions not :latest
Docker image
docker pull fnsys/dockhand:v1.0.22
Also available as fnsys/dockhand:latest
View on Docker Hub
Original source Report a problem - Mar 13, 2026
- Date parsed from source:Mar 13, 2026
- First seen by Releasebot:Mar 13, 2026
v1.0.21
Finsys announces v1.0.21 with an option to truncate port lists and an ANSI color aware log viewer, plus broad bug fixes from cron and time zone displays to IPv6, polling storms, file uploads, health checks and image pruning. Docker image fnsys/dockhand:v1.0.21 is available.
What's new in v1.0.21
- āØ option to truncate port list (#702)
- āØ log viewer supports ANSII 256 colors (#743)
- š IPv6 Problems (#714, #731)
- š polling storm & mass disconnect (#733, #741)
- š custom cron schedule displayed incorrectly (#727)
- š wrong cron schedule (#706)
- š file browser does not allow upload over 512 KB (#687)
- š can't set memory swappiness when using Podman (#691)
- š compose API negotiation fix (#692, #696)
- š not deployed git stacks continue to show the Down action (#694)
- š display time doesn't reflect time zone (#735)
- š prune dangling images counter not working (#718)
- š own PORT env not used in HEALTHCHECK (#745)
Docker image
docker pull fnsys/dockhand:v1.0.21Also available as fnsys/dockhand:latest
View on Docker Hub
Original source Report a problem - Mar 3, 2026
- Date parsed from source:Mar 3, 2026
- First seen by Releasebot:Mar 12, 2026
v1.0.20
Finsys releases v1.0.20 fixing Synology and ARM64 issues plus autoupdate hang with dockhand images.
What's new in v1.0.20
- š regression on Synology DSM
- š Fix ARM64 regression: Go collector crashing on Raspberry Pi and other ARM devices
- š autoupdate hangs on "waiting for Dockhand"
Docker image
- docker pull fnsys/dockhand:v1.0.20
- Also available as fnsys/dockhand:latest
- View on Docker Hub
- Mar 2, 2026
- Date parsed from source:Mar 2, 2026
- First seen by Releasebot:Mar 12, 2026
v1.0.19
Finsys unveils v1.0.19 with an inline logs panel on stacks page, sortable ports in containers, and structured auth logging. It includes stability fixes for Docker, TLS, LDAP, file browsing, SSH keys, and Hawser syncs, plus improved long operation responsiveness. Docker image fnsys/dockhand:v1.0.19.
What's new in v1.0.19
- āØ Inline logs panel on stacks page ā view container logs without leaving the page
- āØ Make ports column sortable in containers grid
- āØ Structured auth logging with client IP (login/logout/MFA/OIDC events)
- š Fix memory leak: TLS context accumulation for HTTPS environments (Bun)
- š Fix security scanning on Docker with custom logging drivers (Loki, Fluentd, etc.)
- š Fix grouped log viewer not auto-scrolling on new entries
- š Fix container recreation error messages not surfacing actual Docker errors
- š Fix LDAP group-to-role mapping
- š Fix container file browser hiding old files
- š Fix SSH key permission issues on NAS filesystems
- š Fix binary file corruption when syncing stacks to Hawser agents
- š Fix UI timeout issues for long running operations
Docker image
docker pull fnsys/dockhand:v1.0.19Also available as fnsys/dockhand:latest
View on Docker Hub
Original source Report a problem - Feb 16, 2026
- Date parsed from source:Feb 16, 2026
- First seen by Releasebot:Mar 12, 2026
v1.0.18
Finsys unveils Dockhand v1.0.18 with UI self update, clearer disk space after pruning, dynamic handling of child containers in stack operations, audit log for Git webhooks, Mattermost notifications, per environment disk thresholds, and a suite of security and stability fixes.
What's new in v1.0.18
- āØ Dockhand self-update from the UI
- āØ Show freed disk space after image removal and pruning
- āØ Handle dynamically-spawned child containers in stack stop/down/restart/remove
- āØ Git webhooks are logged to the audit log
- āØ Add Mattermost notification support
- āØ Configurable disk usage warning threshold per environment
- š Fix file upload CSRF 403 error on plain HTTP deployments
- š Fix scanner container /wait timeout causing empty scan output
- š Fix saving adopted external stack failing with 'Stack directory not found'
- š Add Bearer token auth support for ntfy notifications
- š Fix git SSH failing with 'No user exists for uid' with arbitrary UIDs
- š Fix command palette flooding API requests on open
- š Normalize stack names when adopting to prevent uppercase rejection
- š Fix container update failing for shared network modes (container:, host, none)
Docker image
docker pull fnsys/dockhand:v1.0.18Also available as fnsys/dockhand:latest
View on Docker Hub
Original source Report a problem - Feb 9, 2026
- Date parsed from source:Feb 9, 2026
- First seen by Releasebot:Mar 12, 2026
v1.0.17
Finsys releases v1.0.17 with bug fixes for rootless Docker scanner, Hawser timeout, and stack container updates.
What's new in v1.0.17
- š Fix scanner failure on rootless Docker
- š Increase Hawser compose operation timeout
- š Fix regression in stack container updates
Docker image
docker pull fnsys/dockhand:v1.0.17Also available as fnsys/dockhand:latest
View on Docker Hub
Original source Report a problem - Feb 9, 2026
- Date parsed from source:Feb 9, 2026
- First seen by Releasebot:Mar 12, 2026
v1.0.16
Finsys releases v1.0.16 with Docker Compose override support and fixes for Hawser stack deploys, TLS test, env vars, and node failure.
What's new in v1.0.16
- āØ Support Docker Compose override files when deploying stacks
- š Fix Hawser stack deploy failing when compose file not present on remote host
- š Fix Hawser Standard TLS test connection sending HTTP to HTTPS server
- š Fix .env variables not applied on save & redeploy
- š Fix single Hawser node failure cascading offline state to all environments
Docker image
- docker pull fnsys/dockhand:v1.0.16
- Also available as fnsys/dockhand:latest
- View on Docker Hub