diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9a4e803..52c608a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,6 +5,7 @@ on: branches: [main] pull_request: branches: [main] + workflow_dispatch: jobs: lint: @@ -15,11 +16,15 @@ jobs: with: fetch-depth: 0 + - name: Install gitleaks + run: | + GITLEAKS_VERSION=$(curl -sf https://api.github.com/repos/gitleaks/gitleaks/releases/latest \ + | grep '"tag_name"' | cut -d'"' -f4) + curl -sfL "https://github.com/gitleaks/gitleaks/releases/download/${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION#v}_linux_x64.tar.gz" \ + | tar -xz -C /usr/local/bin gitleaks + - name: Gitleaks secret scan - # v2.3.9 - uses: gitleaks/gitleaks-action@ff98106e4c7b2bc287b24eaf42907196329070c7 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: gitleaks detect --source . --redact - name: Hadolint uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 20bbab3..caec422 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -15,6 +15,7 @@ jobs: runs-on: ubuntu-latest permissions: packages: write + contents: write steps: - # v4.3.1 @@ -47,6 +48,15 @@ jobs: ${{ env.IMAGE }}:${{ github.ref_name }} ${{ env.IMAGE }}:latest + - name: Publish GitHub release (undraft) + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh release edit "${{ github.ref_name }}" \ + --repo "${{ github.repository }}" \ + --draft=false + continue-on-error: true + - name: Dispatch talos-images rebuild env: GH_TOKEN: ${{ secrets.TALOS_IMAGES_DISPATCH_TOKEN }} diff --git a/Dockerfile b/Dockerfile index a4c5bc6..e9a4989 100644 --- a/Dockerfile +++ b/Dockerfile 
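Review bot: The new "Install gitleaks" step resolves `releases/latest` at run time and pipes the download straight into `tar -xz -C /usr/local/bin` with no integrity check, whereas the step it replaces was pinned to a commit SHA. The binary that gates secret scanning is therefore whatever the release page serves on that run. The version lookup can also come back empty, because the unauthenticated API call can be rate-limited and `curl -sf` stays silent, and that only surfaces later as an opaque tar error. Pin the release tag and verify a SHA-256 committed in the workflow before extracting, as the Dockerfile in this commit does for Firecracker; the two values in the sketch below are placeholders to fill in.

```yaml
- name: Install gitleaks
  env:
    GITLEAKS_VERSION: "<PINNED_TAG>"      # placeholder: release tag to pin
    GITLEAKS_SHA256: "<TARBALL_SHA256>"   # placeholder: SHA-256 of that tag's linux_x64 tarball
  run: |
    set -euo pipefail
    curl -sfL -o /tmp/gitleaks.tar.gz \
      "https://github.com/gitleaks/gitleaks/releases/download/${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION#v}_linux_x64.tar.gz"
    echo "${GITLEAKS_SHA256}  /tmp/gitleaks.tar.gz" | sha256sum -c -
    tar -xzf /tmp/gitleaks.tar.gz -C /usr/local/bin gitleaks
# … unchanged: Gitleaks secret scan step …
```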
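Review bot: `contents: write` is added to the job-level `permissions`, so every step in this job receives a token that can write repository contents, although only the undraft step added further down appears to need it. The job's step list is mostly outside the hunk, but the image tags visible in the next hunk suggest it also runs build-and-push actions, which would inherit the wider token. Consider moving the undraft into a separate job that `needs:` this one and declares `permissions: contents: write` itself, leaving this job at `packages: write`.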
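Review bot: In the new "Publish GitHub release (undraft)" step, `${{ github.ref_name }}` and `${{ github.repository }}` are expanded into the script text before the shell parses it, so the ref name is read as shell source rather than passed as data. The runner already exports both values, so the command can be `gh release edit "$GITHUB_REF_NAME" --repo "$GITHUB_REPOSITORY" --draft=false`. Separately, `continue-on-error: true` hides a failed undraft and the release would stay in draft unnoticed. If the step is meant as best-effort, presumably because `"draft": false` in release-please-config.json already publishes new releases, a comment such as `# best-effort: release may already be published` above it would record that.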
@@ -2,9 +2,9 @@ # Talos system extension: packages Firecracker + Jailer for Talos Linux nodes. # Ref: https://www.talos.dev/latest/talos-guides/configuration/system-extensions/ -ARG FIRECRACKER_VERSION=v1.9.0 -ARG FIRECRACKER_SHA256_X86_64=95c13740c7ca1a6dfb40e0f51cd0a9eefee1f223cd2c3538755d03c3a9ba5237 -ARG FIRECRACKER_SHA256_AARCH64=c5564e76dec2b8e8092c52f0f8a4c5f45cf31791e95a9302f4360a771df78f69 +ARG FIRECRACKER_VERSION=v1.15.0 +ARG FIRECRACKER_SHA256_X86_64=00cadf7f21e709e939dc0c8d16e2d2ce7b975a62bec6c50f74b421cc8ab3cab4 +ARG FIRECRACKER_SHA256_AARCH64=58325e6c3c539482a412ec0b60e6f539c3320adebcf8179c7629d06736aee0bd # -- download stage ----------------------------------------------------------- FROM --platform=${BUILDPLATFORM} alpine:3.21 AS download diff --git a/manifest.yaml b/manifest.yaml index 6a5e2e3..89bbee8 100644 --- a/manifest.yaml +++ b/manifest.yaml @@ -1,7 +1,7 @@ version: v1alpha1 metadata: name: firecracker - version: 1.10.1 + version: 1.15.0 author: syscode-labs description: Firecracker microVM and Jailer binaries for Talos Linux compatibility: diff --git a/release-please-config.json b/release-please-config.json index 9f2f124..697ed51 100644 --- a/release-please-config.json +++ b/release-please-config.json @@ -5,6 +5,7 @@ "release-type": "simple", "package-name": "talos-ext-firecracker", "include-v-in-tag": true, + "draft": false, "changelog-path": "CHANGELOG.md", "extra-files": [ {