diff --git a/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl b/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl
index 5c7c45d7..3d19b767 100644
--- a/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl
@@ -9,11 +9,21 @@ cleanup:
   deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
 
 containerSecurityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - "ALL"
+  enabled: true
+  runAsUser: 1000
+  runAsGroup: 1000
   seccompProfile:
     type: "RuntimeDefault"
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
   seLinuxOptions:
     {{ .Values.seLinuxOptions.openxchangeBootstrap | toYaml | nindent 4 }}
 
+
 image:
   registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.openxchangeBootstrap.registry | quote }}
   url: {{ .Values.images.openxchangeBootstrap.repository | quote }}
diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml
index 2ba8fd5f..f58908d3 100644
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -268,7 +268,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap"
     name: "opendesk-open-xchange-bootstrap"
-    version: "2.0.0"
+    version: "2.1.0"
     verify: true
   otterize:
     # providerCategory: "Platform"