diff --git a/Dockerfile b/Dockerfile
index 6f9b570..c309742 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,8 +4,10 @@ FROM ubuntu:18.04
 # The Rust toolchain to use when building our image.  Set by `hooks/build`.
 ARG TOOLCHAIN=stable
 
-# The OpenSSL version to use. We parameterize this because many Rust
-# projects will fail to build with 1.1.
+# The OpenSSL version to use. We parameterize this because many Rust projects
+# will fail to build with 1.1. Here is the place to check for new releases:
+#
+# - https://www.openssl.org/source/
 #
 # ALSO UPDATE hooks/build!
 ARG OPENSSL_VERSION=1.1.1g
@@ -14,14 +16,15 @@ ARG OPENSSL_VERSION=1.1.1g
 # releases:
 #
 # - https://github.com/rust-lang/mdBook/releases
+# - https://github.com/EmbarkStudios/cargo-about/releases
 # - https://github.com/EmbarkStudios/cargo-deny/releases
 # - http://zlib.net/
 # - https://ftp.postgresql.org/pub/source/
 ARG MDBOOK_VERSION=0.3.7
 ARG CARGO_ABOUT_VERSION=0.2.2
-ARG CARGO_DENY_VERSION=0.6.6
+ARG CARGO_DENY_VERSION=0.6.7
 ARG ZLIB_VERSION=1.2.11
-ARG POSTGRESQL_VERSION=11.7
+ARG POSTGRESQL_VERSION=11.8
 
 # Make sure we have basic dev tools for building C libraries.  Our goal
 # here is to support the musl-libc builds and Cargo builds needed for a
diff --git a/README.md b/README.md
index 9559a92..dd49b02 100644
--- a/README.md
+++ b/README.md
@@ -2,14 +2,6 @@
 
 [![Docker Image](https://img.shields.io/docker/pulls/ekidd/rust-musl-builder.svg?maxAge=2592000)](https://hub.docker.com/r/ekidd/rust-musl-builder/)
 
-**OPENSSL SECURITY NOTE:** Previously, `stable` included OpenSSL 1.0.2, and `stable-openssl11` included OpenSSL 1.1.1. However, OpenSSL 1.0.2 is **no longer receiving security fixes,** so the new tagging system will be:
-
-- `stable`: OpenSSL 1.1.1 and the latest stable Rust.
-- **DEPRECATED** `stable-openssl11`: OpenSSL 1.1 and Rust 1.42.0. This will no longer be updated. Use `stable` instead.
-- **DEPRECATED** `1.42.0-openssl10` and `nightly-2020-03-12-openssl10`: OpenSSL 1.0.2. These will not be updated to newer Rust. You will still be able to build newer OpenSSL 1.0.2 images manually.
-
-I hate to break compatibility with projects that require OpenSSL 1.0.2, but since it will receive no future security updates, I no longer feel comfortable supplying pre-built images.
-
 ## What is this?
 
 Do you want to compile a completely static Rust binary with no external dependencies?  If so, try:
@@ -48,6 +40,16 @@ compile [examples/using-diesel](./examples/using-diesel).
 
 [comp]: https://rust-lang.github.io/rustup-components-history/index.html
 
+### OpenSSL security note
+
+Previously, `stable` included OpenSSL 1.0.2, and `stable-openssl11` included OpenSSL 1.1.1. However, OpenSSL 1.0.2 is **no longer receiving security fixes,** so the new tagging system will be:
+
+- `stable`: OpenSSL 1.1.1 and the latest stable Rust.
+- **DEPRECATED** `stable-openssl11`: OpenSSL 1.1 and Rust 1.42.0. This will no longer be updated. Use `stable` instead.
+- **DEPRECATED** `1.42.0-openssl10` and `nightly-2020-03-12-openssl10`: OpenSSL 1.0.2. These will not be updated to newer Rust. You will still be able to build newer OpenSSL 1.0.2 images manually.
+
+I hate to break compatibility with projects that require OpenSSL 1.0.2, but since it will receive no future security updates, I no longer feel comfortable supplying pre-built images.
+
 ## Caching builds
 
 You may be able to speed up build performance by adding the following `-v` commands to the `rust-musl-builder` alias:
@@ -83,8 +85,9 @@ This image also supports the following extra goodies:
 
 - Basic compilation for `armv7` using `musl-libc`. Not all libraries are supported at the moment, however.
 - [`mdbook`][mdbook] and `mdbook-graphviz` for building searchable HTML documentation from Markdown files. Build manuals to use alongside your `cargo doc` output!
-- [`cargo audit`][audit] to check your Rust project for known security issues.
+- [`cargo about`][about] to collect licenses for your dependencies.
 - [`cargo deb`][deb] to build Debian packages
+- [`cargo deny`][deny] to check your Rust project for known security issues.
 
 ## Making OpenSSL work
 
@@ -219,8 +222,9 @@ Either the [Apache 2.0 license](./LICENSE-APACHE.txt), or the
 [MIT license](./LICENSE-MIT.txt).
 
 [Alpine Linux container]: https://hub.docker.com/_/alpine/
-[audit]: https://github.com/RustSec/cargo-audit
+[about]: https://github.com/EmbarkStudios/cargo-about
 [deb]: https://github.com/mmstick/cargo-deb
+[deny]: https://github.com/EmbarkStudios/cargo-deny
 [mdbook]: https://github.com/rust-lang-nursery/mdBook
 [musl-libc]: http://www.musl-libc.org/
 [musl-gcc]: http://www.musl-libc.org/how.html