diff --git a/Containerfile b/Containerfile
index d50b7b0..ade0e80 100644
--- a/Containerfile
+++ b/Containerfile
@@ -7,15 +7,19 @@ FROM python:3.11-slim AS builder
 
 WORKDIR /build
 
-# Install build dependencies
+# Install build dependencies and clean up
 RUN apt-get update && apt-get install -y --no-install-recommends \
 gcc \
- && rm -rf /var/lib/apt/lists/*
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 # Create virtual environment
 RUN python -m venv /opt/venv
 ENV PATH="/opt/venv/bin:$PATH"
 
+# Upgrade pip/setuptools first (pulls in security-fixed jaraco.context)
+RUN pip install --no-cache-dir --upgrade pip setuptools wheel
+
 # Install Python dependencies
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt gunicorn
@@ -27,8 +31,9 @@ FROM python:3.11-slim
 LABEL maintainer="FlaskPaste"
 LABEL description="Lightweight secure pastebin REST API"
 
-# Create non-root user
-RUN groupadd -r flaskpaste && useradd -r -g flaskpaste flaskpaste
+# Clean base image caches and create non-root user
+RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* \
+ && groupadd -r flaskpaste && useradd -r -g flaskpaste flaskpaste
 
 # Copy virtual environment from builder
 COPY --from=builder /opt/venv /opt/venv
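Review bot: The added `RUN pip install --no-cache-dir --upgrade pip setuptools wheel` names no versions, so whether the image actually receives the fixed jaraco.context depends on what the index serves at build time and on whether this layer is rebuilt rather than taken from the build cache. State the floor the comment refers to, for example `RUN pip install --no-cache-dir --upgrade pip "setuptools>=<FIXED_VERSION>" wheel` (placeholder; the fixed release is not named on this page), or move these packages into a hash-pinned constraints file. The upgrade only touches /opt/venv; the `python:3.11-slim` base used by the final stage probably carries its own setuptools in the system site-packages, which this change does not update, so a scan of the final image should confirm the finding is gone. The same unpinned install applies to `gunicorn` on the context line below, and the builder stage continues outside the hunk.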
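Review bot: The `apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*` prepended to the user-creation RUN in the second hunk cannot remove anything from the image, because files shipped in the `python:3.11-slim` base layers stay in those layers and a later RUN only records whiteouts on top of them. No package is installed in this stage within the hunk, so there is no new cache to clean either. I would keep the step as `RUN groupadd -r flaskpaste && useradd -r -g flaskpaste flaskpaste` and, if the aim is fewer scanner findings from the base, pin `FROM` to a newer tag or a digest instead. The final stage starts and continues outside the hunk, so whether a `USER flaskpaste` follows is not visible here.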