diff --git a/apps-gx10/intranet/deployment-intranet-web.json b/apps-gx10/intranet/deployment-intranet-web.json
index 11cd0f9..ec276df 100644
--- a/apps-gx10/intranet/deployment-intranet-web.json
+++ b/apps-gx10/intranet/deployment-intranet-web.json
@@ -49,13 +49,17 @@
                 "name": "IntranetSearch__Enabled",
                 "value": "true"
               },
-              {
-                "name": "PageReadingOverrides__DatabasePath",
-                "value": "/data/page-reading-overrides.db"
-              },
-              {
-                "name": "KnowledgeFleetSearch__BaseUrl",
-                "value": "https://knowledge.iamworkin.lan"
+              {
+                "name": "PageReadingOverrides__DatabasePath",
+                "value": "/data/page-reading-overrides.db"
+              },
+              {
+                "name": "FlowerCore__Theme__DatabasePath",
+                "value": "/data/intranet-theme.db"
+              },
+              {
+                "name": "KnowledgeFleetSearch__BaseUrl",
+                "value": "https://knowledge.iamworkin.lan"
               },
               {
                 "name": "KnowledgeFleetSearch__ApiKey",
@@ -78,9 +82,18 @@
                 }
               }
             ],
-            "image": "localhost/fc-intranet-web:gx10-v1",
-            "imagePullPolicy": "Never",
-            "livenessProbe": {
+            "image": "localhost/fc-intranet-web:v20260617-sec5-intranet-1abdf90",
+            "imagePullPolicy": "Never",
+            "securityContext": {
+              "allowPrivilegeEscalation": false,
+              "capabilities": {
+                "drop": [
+                  "ALL"
+                ]
+              },
+              "readOnlyRootFilesystem": true
+            },
+            "livenessProbe": {
               "failureThreshold": 3,
               "httpGet": {
                 "path": "/health",
@@ -129,19 +142,33 @@
                 "mountPath": "/data",
                 "name": "vector-store"
               },
-              {
-                "mountPath": "/srv/flowercore-notes",
-                "name": "notes-corpus",
-                "readOnly": true
-              }
-            ]
+              {
+                "mountPath": "/srv/flowercore-notes",
+                "name": "notes-corpus",
+                "readOnly": true
+              },
+              {
+                "mountPath": "/tmp",
+                "name": "temp"
+              },
+              {
+                "mountPath": "/app/logs",
+                "name": "logs"
+              }
+            ]
           }
         ],
         "dnsPolicy": "ClusterFirst",
         "restartPolicy": "Always",
         "schedulerName": "default-scheduler",
-        "securityContext": {},
-        "terminationGracePeriodSeconds": 30,
+        "securityContext": {
+          "fsGroup": 1654,
+          "fsGroupChangePolicy": "OnRootMismatch",
+          "runAsGroup": 1654,
+          "runAsNonRoot": true,
+          "runAsUser": 1654
+        },
+        "terminationGracePeriodSeconds": 30,
         "volumes": [
           {
             "name": "vector-store",
@@ -149,11 +176,19 @@
               "claimName": "intranet-vector-store"
             }
           },
-          {
-            "emptyDir": {},
-            "name": "notes-corpus"
-          }
-        ]
+          {
+            "emptyDir": {},
+            "name": "notes-corpus"
+          },
+          {
+            "emptyDir": {},
+            "name": "temp"
+          },
+          {
+            "emptyDir": {},
+            "name": "logs"
+          }
+        ]
       }
     }
   }