diff --git a/Dockerfile b/Dockerfile
index b5bbd88..9d09547 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,7 @@
 FROM ubuntu:14.04
 
+ARG PYTHON_VERSION=2.7.16
+
 ENV CKAN_HOME /usr/lib/ckan
 ENV CKAN_CONFIG /etc/ckan/
 ENV CKAN_ENV docker
@@ -8,7 +10,7 @@ WORKDIR /opt/catalog-app
 
 # TODO compile python to /usr/local to avoid this
 # https://github.com/GSA/datagov-deploy/issues/390
-ENV LD_LIBRARY_PATH /usr/local/lib/python2.7.10/lib
+ENV LD_LIBRARY_PATH /usr/local/lib/python${PYTHON_VERSION}/lib
 
 # Install required packages
 RUN apt-get -q -y update && apt-get -q -y install \
@@ -40,11 +42,11 @@ RUN apt-get -q -y update && apt-get -q -y install \
 # copy ckan script to /usr/bin/
 COPY docker/webserver/common/usr/bin/ckan /usr/bin/ckan
 
-# Get python 2.7.10 for virtualenv
-RUN wget http://www.python.org/ftp/python/2.7.10/Python-2.7.10.tgz
-RUN tar -zxvf Python-2.7.10.tgz
-RUN cd Python-2.7.10 && \
-    ./configure --prefix=/usr/local/lib/python2.7.10/ --enable-ipv6 --enable-unicode=ucs4 --enable-shared && \
+# Get updated python for virtualenv
+RUN wget http://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz
+RUN tar -zxvf Python-${PYTHON_VERSION}.tgz
+RUN cd Python-${PYTHON_VERSION} && \
+    ./configure --prefix=/usr/local/lib/python${PYTHON_VERSION}/ --enable-ipv6 --enable-unicode=ucs4 --enable-shared && \
     make && make install
 
 # Upgrade pip & install virtualenv
@@ -69,7 +71,7 @@ RUN ln -s $CKAN_HOME/src/ckan/ckan/config/who.ini $CKAN_CONFIG/who.ini
 RUN mkdir /var/tmp/ckan && chown www-data:www-data /var/tmp/ckan
 
 # Install ckan app
-RUN cd / && ./install.sh
+RUN cd / && ./install.sh /usr/lib/ckan /usr/local/lib/python${PYTHON_VERSION}
 
 # auth_tkt (and ckan) requires repoze.who 2.0. ckanext-saml, used for
 # production requires repoze.who==1.0.18
diff --git a/install.sh b/install.sh
index 44dfb49..63cf15c 100755
--- a/install.sh
+++ b/install.sh
@@ -8,10 +8,14 @@ set -o errexit
 set -o pipefail
 set -o nounset
 
-python_home=/usr/local/lib/python2.7.10
-export LD_LIBRARY_PATH="$python_home/lib"
+# Default umask with hardening is 0027 which causes all kinds of headaches.
+# Make sure files are installed world readable.
+umask 0022
 
 venv="${1:-/usr/lib/ckan}"
+python_home=${2:-/usr/local/lib/python2.7.10}
+export LD_LIBRARY_PATH="$python_home/lib"
+
 pip="$venv/bin/pip"
 
 # create virtual_env
diff --git a/requirements-freeze.txt b/requirements-freeze.txt
index 03df971..108e65b 100644
--- a/requirements-freeze.txt
+++ b/requirements-freeze.txt
@@ -1,13 +1,14 @@
-amqp==1.0.13
+amqp==1.4.9
 amqplib==1.0.2
 anyjson==0.3.3
 Babel==0.9.6
 Beaker==1.6.4
+billiard==3.3.0.23
 boto==2.48.0
-celery==2.4.2
+celery==3.1.25
 certifi==2018.10.15
 chardet==2.3.0
--e git+https://github.com/GSA/ckan.git@83b66167bcf36b3d9d60e1d355a77a8d9dc7fb61#egg=ckan
+-e git+https://github.com/GSA/ckan.git@be5f5939e6223a6d1a9803107aac1cb14ad5dbcd#egg=ckan
 -e git+https://github.com/GSA/ckanext-archiver@bb4d85b5db628cd2a6d576c3fde79ddc0d9b5952#egg=ckanext_archiver
 -e git+https://github.com/GSA/ckanext-datagovtheme@4eea2c54bed9d1e3e679411bbc5b0730eb1a03c9#egg=ckanext_datagovtheme
 -e git+https://github.com/GSA/ckanext-datajson@3205ba3f9af9c37fb0adaed3023c701c23c5cc21#egg=ckanext_datajson
@@ -34,11 +35,11 @@ httplib2==0.11.3
 Jinja2==2.6
 json-table-schema==0.2.1
 jsonschema==2.4.0
-kombu==2.5.0
+kombu==3.0.37
 kombu-sqlalchemy==1.1.0
 LEPL==5.1.3
 lxml==3.5.0
-M2Crypto==0.23.0
+M2Crypto==0.32.0
 Mako==0.9.0
 MarkupSafe==0.18
 meld3==1.0.2
@@ -56,7 +57,7 @@ pbr==0.8.2
 pika==0.9.8
 ply==3.4
 progressbar==2.3
-psycopg2==2.4.5
+psycopg2==2.7.3.2
 pyasn1==0.4.4
 pyasn1-modules==0.2.2
 Pygments==1.6
@@ -83,18 +84,19 @@ Shapely==1.3.1
 simplejson==3.3.1
 six==1.7.3
 solrpy==0.9.5
-SQLAlchemy==0.9.6
-sqlalchemy-migrate==0.9.1
+SQLAlchemy==0.9.10
+sqlalchemy-migrate==0.9.8
 sqlparse==0.1.11
 supervisor==3.2.2
 Tempita==0.5.2
+typing==3.6.6
 unicodecsv==0.9.4
 uritemplate==3.0.0
-vdm==0.13
+vdm==0.14
 WebError==0.10.3
 WebHelpers==1.3
 WebOb==1.0.8
 WebTest==1.4.3
 Werkzeug==0.11.4
 xlrd==1.0.0
-zope.interface==4.1.1
+zope.interface==4.6.0
diff --git a/requirements.txt b/requirements.txt
index e3e5fc7..9554d09 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,9 +1,9 @@
-amqplib==1.0.2
+amqp~=1.4.9
 anyjson==0.3.3
 Babel==0.9.6
 Beaker==1.6.4
 boto==2.48.0
-celery==2.4.2
+celery==3.1.25
 certifi # we always want the latest ssl certificate bundle
 chardet==2.3.0
 
@@ -34,8 +34,7 @@ html5lib==0.9999999
 Jinja2==2.6
 json-table-schema==0.2.1
 jsonschema==2.4.0
-kombu==2.1.3
-kombu-sqlalchemy==1.1.0
+kombu==3.0.37
 LEPL==5.1.3
 lxml==3.5.0
 
@@ -78,13 +77,13 @@ Shapely==1.3.1
 simplejson==3.3.1
 six==1.7.3
 solrpy==0.9.5
-SQLAlchemy==0.9.6
-sqlalchemy-migrate==0.9.1
+SQLAlchemy==0.9.10
+sqlalchemy-migrate==0.9.8
 sqlparse==0.1.11
 supervisor==3.2.2
 Tempita==0.5.2
 unicodecsv==0.9.4
-vdm==0.13
+vdm==0.14
 WebError==0.10.3
 WebHelpers==1.3
 WebOb==1.0.8