Finsys Products
All Finsys Release Notes (17)
- Apr 19, 2026
- Date parsed from source:Apr 19, 2026
- First seen by Releasebot:Apr 19, 2026
v1.0.26
Dockhand adds persistent grid sorting, richer stack and container details, volume deletion on stack removal, and cleaner port display, while fixing authentication, navigation, notification, and MFA issues.
What's new in v1.0.26
- ✨ persist sort order across page navigation for all data grids (#861, #912)
- ✨ show git repository URL and branch in git stack edit modal (#856)
- ✨ show memory limit alongside usage in containers and stacks views (#893)
- ✨ option to delete associated volumes when removing a stack (#655)
- ✨ collapse consecutive port mappings into ranges in container list (#821)
- 🐛 bearer token authentication fails with enterprise license active
- 🐛 clicking stack name toggles stats accordion instead of just opening editor (#628)
- 🐛 scheduled image prune notifications missing environment name (#770)
- 🐛 Gotify, ntfy, Pushover, and webhook notifications missing environment name (#943)
- 🐛 MFA code field not recognized by Bitwarden and other password managers (#566)
Docker image
docker pull fnsys/dockhand:v1.0.26Also available as fnsys/dockhand:latest
View on Docker Hub
Original source - Apr 18, 2026
- Date parsed from source:Apr 18, 2026
- First seen by Releasebot:Apr 19, 2026
v1.0.25
Dockhand releases v1.0.25 with API token authentication for CI/CD scripts, Telegram topic support, and a set of fixes for container editing, schedule handling, settings, image pruning, secret masking, and Docker Compose support.
What's new in v1.0.25
✨ API token authentication — Bearer tokens for CI/CD pipelines and scripts
✨ Telegram topic support — send notifications to supergroup topics (#855)
🐛 allow removing healthcheck, ports, and honor startAfterUpdate=false during container edit (#892)
🐛 validate stack names and prevent broken DB entries on invalid input (#876)
🐛 use per-environment timezone for schedule execution log timestamps (#882)
🐛 "Pull image before update" and "Start after update" settings ignored (#909)
🐛 image prune timeout on hawser-standard when pruning many images (#905)
🐛 bump Docker Compose to 5.1.3
🐛 mask secret environment variables in container inspect modal (#924)
🐛 viewer role can toggle, delete, and run schedules (#923)
🐛 settings show defaults instead of saved values after login until page refresh (#921)
🐛 settings toggle notifications show wrong state (#931)
🐛 stack memory tooltip shows inflated total on multi-container stacks (#936)Docker image
docker pull fnsys/dockhand:v1.0.25
Also available as fnsys/dockhand:latest
View on Docker Hub
Original source All of your release notes in one feed
Join Releasebot and get updates from Finsys and hundreds of other software products.
- Apr 3, 2026
- Date parsed from source:Apr 3, 2026
- First seen by Releasebot:Apr 4, 2026
v1.0.23
Dockhand adds a theme toggle with System mode, per-container custom shell sessions, and new redeploy and force-redeploy options for internal and Git stacks. It also fixes hostname validation, Git SSL cert handling, stack sync data loss, and several scanner and registry issues.
New
- Added a theme toggle with a System option that automatically follows the OS light/dark preference. (#803)
- Added a custom shell option for terminal sessions, persisted per container. (#830)
- Added a Redeploy button for internal stacks with pull, build, and force-recreate options. (#152)
- Added build, image re-pull, and force redeployment options for Git stacks. (#792, #472)
Fixes
- Fixed hostname validation to allow underscores. (#790)
- Fixed cloning and pulling from HTTPS Git repositories with self-signed CA certificates. (#842)
- Fixed stack restarts for containers using network_mode: service: by adding a recreate option. (#844)
- Fixed Git stack sync deleting data in relative volume paths. (#831)
- Fixed batch update skipping Hawser containers. (#485)
- Fixed registry deletion for multi-arch and OCI manifest images.
- Fixed scanner cache cleanup to prevent volume bloat. (#808)
- Fixed Docker API version negotiation for scanner and updater sidecar containers. (#759)
- Fixed vulnerability scan counts not matching the displayed list. (#705)
Docker image
docker pull fnsys/dockhand:v1.0.23
Also available as fnsys/dockhand:latest
View on Docker Hub
Original source - Apr 3, 2026
- Date parsed from source:Apr 3, 2026
- First seen by Releasebot:Apr 4, 2026
v1.0.24
Dockhand fixes HTTP registry browsing SSL errors and preserves git stack deploy options in the edit dialog.
What's new in v1.0.24
- 🐛 browsing HTTP registries fails with SSL error (#868)
- 🐛 git stack deploy options (build, re-pull, force redeploy) not persisted in edit dialog
Docker image
docker pull fnsys/dockhand:v1.0.24Also available as fnsys/dockhand:latest
View on Docker Hub
Original source - Apr 3, 2026
- Date parsed from source:Apr 3, 2026
- First seen by Releasebot:Apr 3, 2026
- Mar 21, 2026
- Date parsed from source:Mar 21, 2026
- First seen by Releasebot:Mar 22, 2026
v1.0.22
Dockhand releases v1.0.22 with a refreshed dashboard list view, custom environment icons, multi-IP container indicators, bundled local fonts, and several fixes including pinned Trivy and Grype scanner images for safer scans.
THIS IS IMPORTANT RELEASE
On March 19, 2026, attackers compromised the official Trivy vulnerability scanner.
They force-pushed 75 out of 76 version tags in the GitHub Action repository (aquasecurity/trivy-action) to inject a credential-stealing payload executed during GitHub Actions builds.
During this time, release v0.69.4 was also published. From public GitHub data: v0.69.4 tag was created, then deleted by a Trivy maintainer hours later. Exposure window: 2026-03-19 18:22 – ~21:42 CET.
The full technical analysis is available at https://www.abgeo.dev/blog/trivy-github-actions-compromised-full-payload-analysis/.
How does this affect Dockhand?
Dockhand does not use the compromised GitHub Action, but runs Trivy as a an Docker container (aquasec/trivy) with the following setup:
- The container receives the Docker socket (to access images for scanning) and it's own cache volume (for the vulnerability database)
- No host filesystem paths are mounted into the scanner container
- No Dockhand environment variables or credentials are passed to the scanner container
- The container runs a single scan command and exits
The attack targeted the GitHub Action repository. There is no confirmation whether the Docker Hub container images (aquasec/trivy) were also affected.
If you ran vulnerability scans using Dockhand before version 1.0.22 during or after March 19, and the scanner image was not cached locally, the scanner may have pulled aquasec/trivy:latest, which could have pointed to a compromised image.
Starting with Dockhand 1.0.22, scanner images are pinned to verified versions (aquasec/trivy:0.69.3) and are configurable in Settings > General.
Recommended action: Upgrade Dockhand to 1.0.22 immediately if you haven't already.
We will update you if new information emerges about the Docker Hub images.
references:
https://github.com/aquasecurity/trivy/discussions/10425
https://www.abgeo.dev/blog/trivy-github-actions-compromised-full-payload-analysis/
[UPDATE]
CrowdStrike has confirmed that the Docker container image aquasec/trivy:0.69.4 was also compromised — not just the GitHub Action.
What the payload does:
The compromised Trivy binary drops a script to ~/.config/sysmon.py which sleeps for 5 minutes, then contacts a command-and-control server every 50 minutes. It acts as a stage-1 loader for further payloads.
Why Dockhand is likely unaffected:
Dockhand runs the Trivy Docker container (isolated from a host) for a single scan and exits — typically under 30 seconds - 1 minute.
The malicious payload requires a 5-minute sleep before it activates. Since the container is destroyed when the scan completes, the payload never had time to execute.
Additionally:
- No host filesystem paths are mounted into the scanner container
- No Dockhand environment variables or credentials are passed to it
- CrowdStrike's analysis describes a C2 loader — no Docker socket exploitation was observed
What's new in v1.0.22
✨ dashboard list view with inline search and connection filters (#740)
✨ custom environment icon (#754)
✨ show +N indicator for containers with multiple IP addresses (#644)
✨ bundle all fonts locally for privacy and offline use (#734)
🐛 respect PROXY settings when checking for container updates
🐛 git stacks force-redeploy after a failed sync (#693)
🐛 What's New modal shown before login, exposing version info (#717)
🐛 git repository files not removed from disk on delete (#671)
🐛 recursive chown at startup breaks stack volumes with different ownership (#719)
🐛 missing notification event toggles for container healthy, image prune events (#659)
🐛 container disappears when edit fails (e.g. invalid memory/swap) (#736)
🐛 regression: network container count always shows 0 (#761)
🐛 Grype/Trivy scan containers don't inherit proxy env vars (#780)
🐛 pin vulnerability scanner images to specific versions not :latest
Docker image
docker pull fnsys/dockhand:v1.0.22
Also available as fnsys/dockhand:latest
View on Docker Hub
Original source - Mar 13, 2026
- Date parsed from source:Mar 13, 2026
- First seen by Releasebot:Mar 13, 2026
v1.0.21
Finsys announces v1.0.21 with an option to truncate port lists and an ANSI color aware log viewer, plus broad bug fixes from cron and time zone displays to IPv6, polling storms, file uploads, health checks and image pruning. Docker image fnsys/dockhand:v1.0.21 is available.
What's new in v1.0.21
- ✨ option to truncate port list (#702)
- ✨ log viewer supports ANSII 256 colors (#743)
- 🐛 IPv6 Problems (#714, #731)
- 🐛 polling storm & mass disconnect (#733, #741)
- 🐛 custom cron schedule displayed incorrectly (#727)
- 🐛 wrong cron schedule (#706)
- 🐛 file browser does not allow upload over 512 KB (#687)
- 🐛 can't set memory swappiness when using Podman (#691)
- 🐛 compose API negotiation fix (#692, #696)
- 🐛 not deployed git stacks continue to show the Down action (#694)
- 🐛 display time doesn't reflect time zone (#735)
- 🐛 prune dangling images counter not working (#718)
- 🐛 own PORT env not used in HEALTHCHECK (#745)
Docker image
docker pull fnsys/dockhand:v1.0.21Also available as fnsys/dockhand:latest
View on Docker Hub
Original source - Mar 3, 2026
- Date parsed from source:Mar 3, 2026
- First seen by Releasebot:Mar 12, 2026
v1.0.20
Finsys releases v1.0.20 fixing Synology and ARM64 issues plus autoupdate hang with dockhand images.
What's new in v1.0.20
- 🐛 regression on Synology DSM
- 🐛 Fix ARM64 regression: Go collector crashing on Raspberry Pi and other ARM devices
- 🐛 autoupdate hangs on "waiting for Dockhand"
Docker image
- docker pull fnsys/dockhand:v1.0.20
- Also available as fnsys/dockhand:latest
- View on Docker Hub
- Mar 2, 2026
- Date parsed from source:Mar 2, 2026
- First seen by Releasebot:Mar 12, 2026
v1.0.19
Finsys unveils v1.0.19 with an inline logs panel on stacks page, sortable ports in containers, and structured auth logging. It includes stability fixes for Docker, TLS, LDAP, file browsing, SSH keys, and Hawser syncs, plus improved long operation responsiveness. Docker image fnsys/dockhand:v1.0.19.
What's new in v1.0.19
- ✨ Inline logs panel on stacks page — view container logs without leaving the page
- ✨ Make ports column sortable in containers grid
- ✨ Structured auth logging with client IP (login/logout/MFA/OIDC events)
- 🐛 Fix memory leak: TLS context accumulation for HTTPS environments (Bun)
- 🐛 Fix security scanning on Docker with custom logging drivers (Loki, Fluentd, etc.)
- 🐛 Fix grouped log viewer not auto-scrolling on new entries
- 🐛 Fix container recreation error messages not surfacing actual Docker errors
- 🐛 Fix LDAP group-to-role mapping
- 🐛 Fix container file browser hiding old files
- 🐛 Fix SSH key permission issues on NAS filesystems
- 🐛 Fix binary file corruption when syncing stacks to Hawser agents
- 🐛 Fix UI timeout issues for long running operations
Docker image
docker pull fnsys/dockhand:v1.0.19Also available as fnsys/dockhand:latest
View on Docker Hub
Original source - Feb 16, 2026
- Date parsed from source:Feb 16, 2026
- First seen by Releasebot:Mar 12, 2026
v1.0.18
Finsys unveils Dockhand v1.0.18 with UI self update, clearer disk space after pruning, dynamic handling of child containers in stack operations, audit log for Git webhooks, Mattermost notifications, per environment disk thresholds, and a suite of security and stability fixes.
What's new in v1.0.18
- ✨ Dockhand self-update from the UI
- ✨ Show freed disk space after image removal and pruning
- ✨ Handle dynamically-spawned child containers in stack stop/down/restart/remove
- ✨ Git webhooks are logged to the audit log
- ✨ Add Mattermost notification support
- ✨ Configurable disk usage warning threshold per environment
- 🐛 Fix file upload CSRF 403 error on plain HTTP deployments
- 🐛 Fix scanner container /wait timeout causing empty scan output
- 🐛 Fix saving adopted external stack failing with 'Stack directory not found'
- 🐛 Add Bearer token auth support for ntfy notifications
- 🐛 Fix git SSH failing with 'No user exists for uid' with arbitrary UIDs
- 🐛 Fix command palette flooding API requests on open
- 🐛 Normalize stack names when adopting to prevent uppercase rejection
- 🐛 Fix container update failing for shared network modes (container:, host, none)
Docker image
docker pull fnsys/dockhand:v1.0.18Also available as fnsys/dockhand:latest
View on Docker Hub
Original source - Feb 9, 2026
- Date parsed from source:Feb 9, 2026
- First seen by Releasebot:Mar 12, 2026
v1.0.17
Finsys releases v1.0.17 with bug fixes for rootless Docker scanner, Hawser timeout, and stack container updates.
What's new in v1.0.17
- 🐛 Fix scanner failure on rootless Docker
- 🐛 Increase Hawser compose operation timeout
- 🐛 Fix regression in stack container updates
Docker image
docker pull fnsys/dockhand:v1.0.17Also available as fnsys/dockhand:latest
View on Docker Hub
Original source - Feb 9, 2026
- Date parsed from source:Feb 9, 2026
- First seen by Releasebot:Mar 12, 2026
v1.0.16
Finsys releases v1.0.16 with Docker Compose override support and fixes for Hawser stack deploys, TLS test, env vars, and node failure.
What's new in v1.0.16
- ✨ Support Docker Compose override files when deploying stacks
- 🐛 Fix Hawser stack deploy failing when compose file not present on remote host
- 🐛 Fix Hawser Standard TLS test connection sending HTTP to HTTPS server
- 🐛 Fix .env variables not applied on save & redeploy
- 🐛 Fix single Hawser node failure cascading offline state to all environments
Docker image
- docker pull fnsys/dockhand:v1.0.16
- Also available as fnsys/dockhand:latest
- View on Docker Hub
- Feb 8, 2026
- Date parsed from source:Feb 8, 2026
- First seen by Releasebot:Mar 12, 2026
v1.0.15
Finsys releases v1.0.15 with a pull-before-update option, usage filter on images, and visible repository names for untagged images. It ships native compose pull and up for stack updates, improved vulnerability sorting, and a host of stability fixes across environment, health, logs, and deploy workflows.
What's new in v1.0.15
- ✨ Pull before update option: New option to pull latest image before container auto-update
- ✨ Usage filter on images page by usage status (used/unused/all)
- ✨ Show repository name for untagged images: Better identification of images without tags
- 🐛 Fix IPv6 address not accepted in environment Public IP field
- 🐛 Fix IPv6 port link URLs by adding bracket formatting
- 🐛 Fix custom compose filename not used in SSE deploy
- 🐛 Fix env var leakage from Dockhand to user stacks
- 🐛 Fix SMTP notification test returning false success
- 🐛 Fix custom compose file path ignored for Hawser git stack deployments
- 🐛 Fix escaped $$ variables (Docker Compose syntax) incorrectly flagged as missing
- 🐛 Use native compose pull and up when updating stack containers
- 🐛 Fix vulnerability scans hanging indefinitely or failing with JSON parse errors
- 🐛 Fix memory leaks in SSE event streams and unconsumed Docker API response bodies
- ✨ Sort vulnerability scan results by severity by default
- ✨ Copy button for compose file contents in stack modal
- ✨ Confirmation dialog before git stack sync
- 🐛 Fix timezone aliases (e.g. Europe/Kyiv) not saving correctly
- 🐛 Fix login crash with large session timeout values
- 🐛 Fix profile display name not persisting due to field name mismatch
- 🐛 Fix date formatting not respecting user preferences
- 🐛 Fix static IP not preserved during container auto-update
- 🐛 Fix stack adoption path conflict across different environments
- 🐛 Fix container auto-update causing permission denied on bind mounts
- 🐛 Fix health tab not showing healthcheck configuration
- 🐛 Fix stack custom paths reset after edit
- 🐛 Autofocus on login username and MFA code fields
Docker image
docker pull fnsys/dockhand:v1.0.15 Also available as fnsys/dockhand:latestView on Docker Hub
Original source - Feb 7, 2026
- Date parsed from source:Feb 7, 2026
- First seen by Releasebot:Mar 12, 2026
v1.0.14
Finsys releases v1.0.14 with bug fixes for env vars, stack start/stop, clock format, TLS skip setting, and a new docker image.
What's new in v1.0.14
- 🐛 Fix environment variables in .env not interpolated during remote deployment
- 🐛 Fix stack variables not re-injected during stack start/stop
- 🐛 Fix time format 12/24 setting not respected in header clock
- 🐛 Fix skip TLS verification not saved on new environment
Docker image
- docker pull fnsys/dockhand:v1.0.14
- Also available as fnsys/dockhand:latest
- View on Docker Hub
- Jan 22, 2026
- Date parsed from source:Jan 22, 2026
- First seen by Releasebot:Mar 12, 2026
1.0.12
Finsys announces 1.0.12 release, signaling a new product version rollout.
1.0.12
Original source