diff --git a/CHANGELOG.md b/CHANGELOG.md
index c65adbb..5ed25af 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -51,6 +51,11 @@ since 0.4.1, and this project adheres to [Semantic Versioning](https://semver.or
 - The `debian` base image is now referenced with a fully qualified URI,
   including the registry hostname ([#1118](https://github.com/freedomofpress/dangerzone/pull/1118)).
   Thanks [@sudoforge](https://github.com/sudoforge) for the contribution.
+- Update the Dangerzone container image and its dependencies (gVisor, Debian base image, H2Orestart) to the latest versions:
+  * Debian image release: `bookworm-20250317-slim@sha256:1209d8fd77def86ceb6663deef7956481cc6c14a25e1e64daec12c0ceffcc19d`
+  * Debian snapshots date: `2025-03-31`
+  * gVisor release date: `2025-03-26`
+  * H2Orestart plugin: `v0.7.2` (`d09bc5c93fe2483a7e4a57985d2a8d0e4efae2efb04375fe4b59a68afd7241e2`)
 
 ### Development changes
 
diff --git a/Dockerfile b/Dockerfile
index 97a8faa..a749560 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,14 +2,14 @@
 # Dockerfile args below. For more info about this file, read
 # docs/developer/reproducibility.md.
 
-ARG DEBIAN_IMAGE_DIGEST=sha256:12c396bd585df7ec21d5679bb6a83d4878bc4415ce926c9e5ea6426d23c60bdc
+ARG DEBIAN_IMAGE_DIGEST=sha256:1209d8fd77def86ceb6663deef7956481cc6c14a25e1e64daec12c0ceffcc19d
 
 FROM docker.io/library/debian@${DEBIAN_IMAGE_DIGEST} AS dangerzone-image
 
-ARG GVISOR_ARCHIVE_DATE=20250217
-ARG DEBIAN_ARCHIVE_DATE=20250226
-ARG H2ORESTART_CHECKSUM=452331f8603ef456264bd72db6fa8a11ca72b392019a8135c0b2f3095037d7b1
-ARG H2ORESTART_VERSION=v0.7.1
+ARG GVISOR_ARCHIVE_DATE=20250326
+ARG DEBIAN_ARCHIVE_DATE=20250331
+ARG H2ORESTART_CHECKSUM=935e68671bde4ca63a364128077f1c733349bbcc90b7e6973bc7a2306494ec54
+ARG H2ORESTART_VERSION=v0.7.2
 
 ENV DEBIAN_FRONTEND=noninteractive
 
diff --git a/Dockerfile.env b/Dockerfile.env
index a229ae3..7a0cef5 100644
--- a/Dockerfile.env
+++ b/Dockerfile.env
@@ -1,15 +1,15 @@
 # Should be the INDEX DIGEST from an image tagged `bookworm-<DATE>-slim`:
 #     https://hub.docker.com/_/debian/tags?name=bookworm-
 #
-# Tag for this digest: bookworm-20250224-slim
-DEBIAN_IMAGE_DIGEST=sha256:12c396bd585df7ec21d5679bb6a83d4878bc4415ce926c9e5ea6426d23c60bdc
+# Tag for this digest: bookworm-20250317-slim
+DEBIAN_IMAGE_DIGEST=sha256:1209d8fd77def86ceb6663deef7956481cc6c14a25e1e64daec12c0ceffcc19d
 # Can be bumped to today's date
-DEBIAN_ARCHIVE_DATE=20250226
+DEBIAN_ARCHIVE_DATE=20250331
 # Can be bumped to the latest date in https://github.com/google/gvisor/tags
-GVISOR_ARCHIVE_DATE=20250217
+GVISOR_ARCHIVE_DATE=20250326
 # Can be bumped to the latest version and checksum from https://github.com/ebandal/H2Orestart/releases
-H2ORESTART_CHECKSUM=452331f8603ef456264bd72db6fa8a11ca72b392019a8135c0b2f3095037d7b1
-H2ORESTART_VERSION=v0.7.1
+H2ORESTART_CHECKSUM=935e68671bde4ca63a364128077f1c733349bbcc90b7e6973bc7a2306494ec54
+H2ORESTART_VERSION=v0.7.2
 
 # Buildkit image (taken from freedomofpress/repro-build)
 BUILDKIT_IMAGE="docker.io/moby/buildkit:v19.0@sha256:14aa1b4dd92ea0a4cd03a54d0c6079046ea98cd0c0ae6176bdd7036ba370cbbe"