diff --git a/Dockerfile b/Dockerfile index 71b0a334..2f15756f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,12 @@ -FROM debian:buster +FROM debian:oldoldstable ENV SERVERNAME=geti2p.net ENV SERVERMAIL=example@geti2p.net WORKDIR /var/www/i2p.www ## Install the dependencies +#RUN #grep -v security.debian /etc/apt/sources.list > /etc/apt/sources.list.bak && \ + #grep -v stretch-updates /etc/apt/sources.list.bak > /etc/apt/sources.list && \ RUN apt-get update && \ apt-get -y install apache2 apache2-utils libapache2-mod-wsgi python2-dev python-pip patch python-virtualenv git python-polib diff --git a/i2p2www/blog/2023/06/25/new_release_2.3.0.rst b/i2p2www/blog/2023/06/25/new_release_2.3.0.rst new file mode 100644 index 00000000..ed8597cc --- /dev/null +++ b/i2p2www/blog/2023/06/25/new_release_2.3.0.rst 
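Review bot: `FROM debian:oldoldstable` names a floating alias, not a release, so the base image changes when Debian ships a new stable and the build is not reproducible. The install line in the context below still pulls Python 2 era packages (`python2-dev`, `python-pip`, `python-virtualenv`), which may not exist once the alias moves on. An oldoldstable release also receives at most limited security support. I would pin the codename and a digest, for example `FROM debian:buster@sha256:<digest-placeholder>`, and record the end-of-support date in a comment. The two commented-out `grep -v` lines would, if re-enabled, strip `security.debian` entries from `sources.list`; either delete them or replace them with `# NOTE: do not filter security.debian out of sources.list; the image would stop receiving security updates`. The `RUN` instruction continues past the end of this hunk.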
@@ -0,0 +1,67 @@
+{% trans -%}
+=================
+I2P Release 2.3.0
+=================
+{%- endtrans %}
+.. meta::
+ :author: idk
+ :date: 2023-06-25
+ :category: release
+ :excerpt: {% trans %}I2P 2.3.0: Security Fixes, Tweakable Blocklists{% endtrans %}
+
+{% trans -%}
+This release contains fixes for CVE-2023-36325.
+CVE-2023-36325 is a context-confusion bug which occurred in the bloom filter.
+An attacker crafts an I2NP message containing a unique messageID, and sends that messageID to a client.
+The message, after passing through the bloom filter, is not allowed to be re-used in a second message.
+The attacker then sends the same message directly to the router.
+The router passes the message to the bloom filter, and is dropped.
+This leaks the information that the messageID has been seen before, giving the attacker a strong reason to believe that the router is hosting the client.
+This has been fixed by separting the bloom filter's functionality into different contexts based on whether a message came down a client tunnel, an exploratory tunnel, was sent to the router directly.
+Under normal circumstances, this attack takes several days to perform successfully and may be confounded by several factors such as routers restarting during the attack phase and sensitivity to false-positives.
+Users of Java I2P are recommended to update immediately to avoid the attack.
+{%- endtrans %}
+
+{% trans -%}
+In the course of fixing this context confusion bug, we have revised some of our strategies to code defensively, against these types of leaks.
+This includes tweaks to the netDb, the rate-limiting mechanisms, and the behavior of floodfill routers.
+{%- endtrans %}
+
+{% trans -%}
+This release adds not_bob as a second default hosts provider, and adds notbob.i2p and ramble.i2p to the console homepage.
+{%- endtrans %}
+
+{% trans -%}
+This release also contains a tweakable blocklist.
+Blocklisting is semi-permanent, each blocked IP address is normally blocked until the router is restarted.
+Users who observe explosive blocklist growth during sybil attacks may opt-in to shorter timeouts by configuring the blocklist to expire entries at an interval.
+This feature is off-by-default and is only recommended for advanced users at this time.
+{%- endtrans %}
+
+{% trans -%}
+This release also includes an API for plugins to modify with the Desktop GUI(DTG).
+It is now possible to add menu items to the system tray, enabling more intuitive launching of plugins which use native application interfaces.
+{%- endtrans %}
+
+{% trans -%}
+As usual, we recommend that you update to this release.
+The best way to maintain security and help the network is to run the latest release.
+{%- endtrans %}
+
+**DETAILS**
+
+*Changes*
+
+- {% trans %}netDb: Throttle bursts of netDB lookups{% endtrans %}
+- {% trans %}Sybil/Blocklist: Allow users to override blocklist expiration with an interval{% endtrans %}
+- {% trans %}DTG: Provide an API for extending DTG with a plugin{% endtrans %}
+- {% trans %}Addressbook: add notbob's main addressbook to the default subscriptions.{% endtrans %}
+- {% trans %}Console: Add Ramble and notbob to console homepage{% endtrans %}
+
+*Bug Fixes*
+
+- {% trans %}Fix replay attack: CVE-2023-36325{% endtrans %}
+- {% trans %}Implement handling of multihomed routers in the netDb{% endtrans %}
+- {% trans %}Fully copy new leaseSets when a leaseSet recievedAsPublished overwrites a leaseSet recievedAsReply{% endtrans %}
+
+Full list of fixed bugs: http://git.idk.i2p/i2p-hackers/i2p.i2p/-/issues?scope=all&state=closed&milestone_title=2.3.0
diff --git a/i2p2www/pages/downloads/docker.html b/i2p2www/pages/downloads/docker.html
index 0a4e3d80..cbc5ba67 100644
--- a/i2p2www/pages/downloads/docker.html
+++ b/i2p2www/pages/downloads/docker.html
@@ -29,7 +29,7 @@ services:

{% trans -%}Volumes{%- endtrans %}

{% trans -%}The container requires a volume for the configuration data to be mounted. Optionally, you can mount a separate volume for torrent (“i2psnark”) downloads. See the example below.{%- endtrans %}

{% trans -%}Memory usage{%- endtrans %}

-

{% trans -%}By the default the image limits the memory available to the Java heap to 512MB. You can override that with the JVM_XMX environment variable.{%- endtrans %}

+

{% trans -%}By default the image limits the memory available to the Java heap to 512MB. You can override that with the JVM_XMX environment variable.{%- endtrans %}

{% trans -%}Ports{%- endtrans %}

{% trans -%}There are several ports which are exposed by the image. You can choose which ones to publish depending on your specific needs.{%- endtrans %}

diff --git a/i2p2www/pages/downloads/list.html b/i2p2www/pages/downloads/list.html index e3d28bdc..3f242a36 100644 --- a/i2p2www/pages/downloads/list.html +++ b/i2p2www/pages/downloads/list.html @@ -51,16 +51,17 @@ If you would like to try the latest experimental I2P projects, visit the {% endcall %} -
{%- trans %}I2P Easy Install Bundle for Mac OS X{%- endtrans %}
- {% call package_outer('mac', "Mac OS X", 'images/download/mac-osx.png') %} -

{% trans %}I2P Easy Install Bundle for Mac OS X{% endtrans %}

-

{% trans i2pversion=ver() -%}The I2P Easy Install Bundle for Mac OS X is packaged using OSX's standard ".dmg" package type, which allows it to use Apple's built-in tools to securely, reliably, and easily install the package. It does not require Java to be installed. +

{%- trans %}I2P for Mac OS X{%- endtrans %}
+ {% call package('mac') %} +

{% trans i2pversion=ver() -%} I2P is available as a Java application for Mac OSX. It is distributed as a Java .jar installer and therefore MacOS will ask you for explicit permission to run the software. {%- endtrans %}

- {% trans %}I2P Easy Install Bundle for Mac OS X{% endtrans %} +

+ {% trans %}Here is a helpful guide to installing I2P for Mac OS using a separate Java installation and the classic installer.{% endtrans %}
{% endcall %} +
{%- trans %}I2P for Linux{%- endtrans %}
{% call package('unix') %}

{% trans i2pversion=ver() -%} The most reliable way to launch the installer is from a terminal like this: