diff --git a/charts/gohoarder/Chart.yaml b/charts/gohoarder/Chart.yaml
index b2b165c..ff25dd7 100644
--- a/charts/gohoarder/Chart.yaml
+++ b/charts/gohoarder/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: gohoarder
 description: A universal package cache proxy supporting npm, PyPI, and Go modules with security scanning
 type: application
-version: 0.0.3
-appVersion: "0.0.3"
+version: 0.0.4
+appVersion: "0.0.4"
 keywords:
   - package-manager
   - cache
diff --git a/charts/gohoarder/templates/deployment-scanner.yaml b/charts/gohoarder/templates/deployment-scanner.yaml
index 6edb27f..a68e379 100644
--- a/charts/gohoarder/templates/deployment-scanner.yaml
+++ b/charts/gohoarder/templates/deployment-scanner.yaml
@@ -37,10 +37,8 @@ spec:
           mkdir -p /var/cache/gohoarder /var/lib/gohoarder/metadata /tmp/gohoarder
           {{- if .Values.security.scanners.trivy.enabled }}
           mkdir -p {{ .Values.security.scanners.trivy.cacheDb }}
-          chown -R 1000:1000 {{ .Values.security.scanners.trivy.cacheDb }}
           {{- end }}
-          chown -R 1000:1000 /var/cache/gohoarder /var/lib/gohoarder /tmp/gohoarder
-          chmod 750 /var/cache/gohoarder /var/lib/gohoarder
+          chmod 750 /var/cache/gohoarder /var/lib/gohoarder 2>/dev/null || true
         volumeMounts:
         - name: storage
           mountPath: /var/cache/gohoarder
@@ -53,7 +51,11 @@ spec:
         - name: tmp
           mountPath: /tmp/gohoarder
         securityContext:
-          runAsUser: 0
+          runAsUser: 1000
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
       containers:
       - name: scanner
         securityContext:
diff --git a/charts/gohoarder/templates/deployment-server.yaml b/charts/gohoarder/templates/deployment-server.yaml
index 7b027dc..915f69b 100644
--- a/charts/gohoarder/templates/deployment-server.yaml
+++ b/charts/gohoarder/templates/deployment-server.yaml
@@ -36,8 +36,7 @@ spec:
         args:
         - |
           mkdir -p /var/cache/gohoarder /var/lib/gohoarder/metadata /tmp/gohoarder
-          chown -R 1000:1000 /var/cache/gohoarder /var/lib/gohoarder /tmp/gohoarder
-          chmod 750 /var/cache/gohoarder /var/lib/gohoarder
+          chmod 750 /var/cache/gohoarder /var/lib/gohoarder 2>/dev/null || true
         volumeMounts:
         - name: storage
           mountPath: /var/cache/gohoarder
@@ -46,7 +45,11 @@ spec:
         - name: tmp
           mountPath: /tmp/gohoarder
         securityContext:
-          runAsUser: 0
+          runAsUser: 1000
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
       containers:
       - name: server
         securityContext:
diff --git a/charts/gohoarder/values.yaml b/charts/gohoarder/values.yaml
index 26737f0..000b2ab 100644
--- a/charts/gohoarder/values.yaml
+++ b/charts/gohoarder/values.yaml
@@ -51,17 +51,17 @@ image:
   server:
     repository: ghcr.io/lukaszraczylo/gohoarder-server
     pullPolicy: IfNotPresent
-    tag: "0.0.3"
+    tag: "0.0.4"
 
   frontend:
     repository: ghcr.io/lukaszraczylo/gohoarder-frontend
     pullPolicy: IfNotPresent
-    tag: "0.0.3"
+    tag: "0.0.4"
 
   scanner:
     repository: ghcr.io/lukaszraczylo/gohoarder-scanner
     pullPolicy: IfNotPresent
-    tag: "0.0.3"
+    tag: "0.0.4"
 
 # Service Account
 serviceAccount:
diff --git a/charts/packages/gohoarder-0.0.4.tgz b/charts/packages/gohoarder-0.0.4.tgz
new file mode 100644
index 0000000..39d243d
Binary files /dev/null and b/charts/packages/gohoarder-0.0.4.tgz differ
diff --git a/index.yaml b/index.yaml
index fcaefac..2f056c7 100644
--- a/index.yaml
+++ b/index.yaml
@@ -1,6 +1,33 @@
 apiVersion: v1
 entries:
   gohoarder:
+  - apiVersion: v2
+    appVersion: 0.0.4
+    created: "2026-01-03T01:21:18.278882603Z"
+    description: A universal package cache proxy supporting npm, PyPI, and Go modules
+      with security scanning
+    digest: 74799fdcd549d0cb6a4c4344acf7f08a3744dc2ae46999aed208e7751e9a35a7
+    home: https://github.com/lukaszraczylo/gohoarder
+    icon: https://raw.githubusercontent.com/lukaszraczylo/gohoarder/main/docs/logo.png
+    keywords:
+    - package-manager
+    - cache
+    - proxy
+    - npm
+    - pypi
+    - go-modules
+    - security
+    - vulnerability-scanning
+    maintainers:
+    - email: lukasz@raczylo.com
+      name: Lukasz Raczylo
+    name: gohoarder
+    sources:
+    - https://github.com/lukaszraczylo/gohoarder
+    type: application
+    urls:
+    - https://github.com/lukaszraczylo/helm-charts/releases/download/gohoarder-0.0.4/gohoarder-0.0.4.tgz
+    version: 0.0.4
   - apiVersion: v2
     appVersion: 0.0.3
     created: "2026-01-03T01:03:31.232406402Z"
@@ -1705,4 +1732,4 @@ entries:
     urls:
     - https://github.com/lukaszraczylo/helm-charts/releases/download/kubemirror-0.2.8/kubemirror-0.2.8.tgz
     version: 0.2.8
-generated: "2026-01-03T01:03:31.230925033Z"
+generated: "2026-01-03T01:21:18.27745255Z"