diff --git a/README.rst b/README.rst
index d4c0f5bf..bccb086f 100644
--- a/README.rst
+++ b/README.rst
@@ -182,13 +182,23 @@ DB Models
 Changelog
 =========
 
+v. 0.6.4
+--------
+
+* Provisioning and stability updates (`#121 <https://github.com/libris/xl_auth/issues/121>`_,
+  `#122 <https://github.com/libris/xl_auth/issues/122>`_)
+
+
 v. 0.6.3
 --------
 
 * Added "view collection" link to user profile page
 * *Terms of Service* view added, requesting the user to approve
+  (`#112 <https://github.com/libris/xl_auth/issues/112>`_)
 * Bug fix for loading Voyager permissions on SEK
   (`#113 <https://github.com/libris/xl_auth/issues/113>`_)
+* Bug fix for permissions exchange with LibrisXL
+  (`#110 <https://github.com/libris/xl_auth/issues/110>`_)
 
 
 v. 0.6.2
diff --git a/ansible/roles/common/tasks/install-packages.yml b/ansible/roles/common/tasks/install-packages.yml
index 480ef438..563f2bc5 100644
--- a/ansible/roles/common/tasks/install-packages.yml
+++ b/ansible/roles/common/tasks/install-packages.yml
@@ -11,6 +11,7 @@
     - tree
     - gcc
     - python-devel
+    - yum-plugin-versionlock
 
 - name: install emacs
   yum: name=emacs state=present
diff --git a/ansible/roles/docker/handlers/main.yml b/ansible/roles/docker/handlers/main.yml
new file mode 100644
index 00000000..9f63de88
--- /dev/null
+++ b/ansible/roles/docker/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+
+- name: restart docker
+  service: name=docker state=restarted
+  check_mode: no
+
+...
diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml
index 28710252..ae9df2a0 100644
--- a/ansible/roles/docker/tasks/main.yml
+++ b/ansible/roles/docker/tasks/main.yml
@@ -8,8 +8,20 @@
     gpgkey: https://download.docker.com/linux/centos/gpg
   tags: docker
 
-- name: install docker-ce-17.09.0.ce
-  yum: name=docker-ce-17.09.0.ce state=present
+- name: remove docker-ce version lock
+  shell: yum versionlock delete docker-ce
+  register: versionlock_delete_docker
+  changed_when: '"versionlock delete: no matches" in versionlock_delete_docker.stdout'
+  failed_when: no
+  tags: docker
+
+- name: install docker-ce-17.09.1.ce
+  yum: name=docker-ce-17.09.1.ce state=present allow_downgrade=yes
+  tags: docker
+
+- name: add docker-ce version lock
+  shell: yum versionlock docker-ce
+  changed_when: no
   tags: docker
 
 - name: install docker-compose-1.16.1
@@ -17,11 +29,10 @@
   tags: docker
 
 - name: template docker daemon.json
-  lineinfile:
+  template:
+    src: daemon.json.j2
     dest: /etc/docker/daemon.json
-    state: absent
-    create: yes
-    line: '{"experimental": true}'
+  notify: restart docker
   tags: docker
 
 - name: docker running and enabled
diff --git a/ansible/roles/docker/templates/daemon.json.j2 b/ansible/roles/docker/templates/daemon.json.j2
new file mode 100644
index 00000000..a75f725f
--- /dev/null
+++ b/ansible/roles/docker/templates/daemon.json.j2
@@ -0,0 +1,3 @@
+{
+    "iptables": false
+}
diff --git a/ansible/roles/xl_auth/tasks/main.yml b/ansible/roles/xl_auth/tasks/main.yml
index e771fbb4..a1278ebc 100644
--- a/ansible/roles/xl_auth/tasks/main.yml
+++ b/ansible/roles/xl_auth/tasks/main.yml
@@ -5,6 +5,7 @@
     name: postgres
     image: postgres:9.4-alpine
     state: started
+    restart_policy: unless-stopped
     volume_driver: local
     volumes:
       - postgres:/var/lib/postgresql/data
@@ -23,6 +24,7 @@
     pull: yes
     command: run -h 0.0.0.0 -p 5000 --with-threads
     state: started
+    restart_policy: unless-stopped
     links:
       - postgres
     ports:
diff --git a/package-lock.json b/package-lock.json
index c12146b1..3a8c4af5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "xl_auth",
-  "version": "0.6.3",
+  "version": "0.6.4",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index 88b91556..b22b561f 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "xl_auth",
-  "version": "0.6.3",
+  "version": "0.6.4",
   "author": "National Library of Sweden",
   "license": "Apache-2.0",
   "description": "Authorization and OAuth2 provider for LibrisXL",