diff --git a/.github/workflows/reusable-e2e.yml b/.github/workflows/reusable-e2e.yml
index 6cf18a7..ea7c21f 100644
--- a/.github/workflows/reusable-e2e.yml
+++ b/.github/workflows/reusable-e2e.yml
@@ -37,21 +37,7 @@ defaults:
     # default failure handling for shell scripts in 'run' steps
     shell: 'bash -Eeuo pipefail -x {0}'
 
-permissions:
-  actions: none
-  attestations: none
-  checks: none
-  contents: none
-  deployments: none
-  id-token: none
-  issues: none
-  models: none
-  discussions: none
-  packages: none
-  pages: none
-  pull-requests: none
-  security-events: none
-  statuses: none
+permissions: {}
 
 jobs:
   e2e-local:
@@ -66,7 +52,8 @@ jobs:
       POSTGRES_VERSION: ${{ inputs.major_version }}
       POSTGRES_IMG: ${{ inputs.postgres_img }}
       POSTGRES_KIND: "PostgreSQL"
-      MAJOR_UPGRADE_IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}/postgresql-trunk"
+      POSTGRES_MAJOR_UPGRADE_IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}/postgresql-trunk"
+      POSTGIS_MAJOR_UPGRADE_IMAGE_REGISTRY: "ghcr.io/${{ github.repository_owner }}/postgresql-trunk"
 
       DOCKER_SERVER: ghcr.io
       DOCKER_USERNAME: ${{ github.actor }}
diff --git a/Dockerfile b/Dockerfile
index d6588f4..354e101 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,7 +19,7 @@
 #
 ARG BASE=debian:13.1-slim
 
-FROM $BASE AS build-layer
+FROM $BASE AS minimal
 
 ARG PG_REPO=https://git.postgresql.org/git/postgresql.git
 ARG PG_BRANCH=master
@@ -27,36 +27,36 @@ ARG PG_MAJOR=19
 
 COPY build-deps.txt /
 
+ENV PATH=/usr/lib/postgresql/$PG_MAJOR/bin:$PATH
+
 # Install runtime and build dependencies
 RUN apt-get update && \
-	apt-get install -y --no-install-recommends \
+	apt-get install -y --no-install-recommends -o Dpkg::::="--force-confdef" -o Dpkg::::="--force-confold" \
 		gnupg \
 		dirmngr \
 		ca-certificates \
 		ssl-cert \
 		libnss-wrapper \
 		libgssapi-krb5-2 \
+		libprotobuf-c1 \
+		libnuma1 \
+		liburing2 \
 		libxml2 \
-		libllvm16 \
+		libllvm19 \
 		libxslt1.1 \
 		xz-utils \
 		zstd \
+		libicu76 \
 		postgresql-common \
-		$(cat /build-deps.txt) && \
-	rm -rf /var/lib/apt/lists/* /var/cache/* /var/log/*
-
-RUN usermod -u 26 postgres
-
-ENV PG_MAJOR=$PG_MAJOR
-ENV PATH=/usr/lib/postgresql/$PG_MAJOR/bin:$PATH
-
-# Build PostgreSQL
-# Partially refer to https://github.com/docker-library/postgres/blob/master/16/alpine3.21/Dockerfile#L119-L159
-RUN mkdir -p /usr/src/postgresql && \
+		$(cat /build-deps.txt) \
+	&& \
+	usermod -u 26 postgres && \
+	# Build PostgreSQL
+	mkdir -p /usr/src/postgresql && \
 	git clone -b "$PG_BRANCH" --single-branch "$PG_REPO" /usr/src/postgresql && \
 	cd /usr/src/postgresql && \
-	export LLVM_CONFIG="/usr/lib/llvm-16/bin/llvm-config" && \
-	export CLANG=clang-16 && \
+	export LLVM_CONFIG="/usr/lib/llvm-19/bin/llvm-config" && \
+	export CLANG=clang-19 && \
 	./configure \
 		--build=x86_64-linux-gnu \
 		--prefix=/usr \
@@ -86,6 +86,8 @@ RUN mkdir -p /usr/src/postgresql && \
 		--with-systemd \
 		--with-selinux \
 		--with-zstd \
+		--with-liburing \
+		--with-libnuma \
 		--with-extra-version=-$(git rev-parse --short HEAD) \
 		--datarootdir=/usr/share/ \
 		--infodir=/usr/share/info \
@@ -105,46 +107,59 @@ RUN mkdir -p /usr/src/postgresql && \
 	&& \
 	make -j "$(nproc)" world-bin && \
 	make install-world-bin && \
-	rm -rf /usr/src/postgresql
-
-# DoD 2.3 - remove setuid/setgid from any binary that not strictly requires it, and before doing that list them on the stdout
-RUN find / -not -path "/proc/*" -perm /6000 -type f -exec ls -ld {} \; -exec chmod a-s {} \; || true
+	apt-get purge -y --auto-remove $(cat /build-deps.txt) && \
+	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false && \
+	rm -rf /var/lib/apt/lists/* /var/cache/* /var/log/* /usr/src/postgresql
 
-
-FROM build-layer AS minimal
-RUN apt-get purge -y --auto-remove $(cat /build-deps.txt) && \
-	rm -rf /var/lib/apt/lists/* /var/cache/* /var/log/*
 USER 26
 
-FROM build-layer AS standard
-# TODO: re-enable once https://github.com/pgaudit/pgaudit/issues/257 is fixed
+FROM minimal AS standard
+USER root
+
 # Build PgAudit
 # See to https://github.com/pgaudit/pgaudit/blob/master/README.md#compile-and-install
-# RUN mkdir -p /usr/src/pgaudit && \
+# TODO: uncomment when https://github.com/pgaudit/pgaudit/issues/257 is fixed
+#RUN apt-get update && \
+#	apt-get install -y --no-install-recommends \
+#		build-essential \
+#		git \
+#		libssl-dev \
+#		libkrb5-dev \
+#	&& \
+#	mkdir -p /usr/src/pgaudit && \
 #	git clone -b main --single-branch https://github.com/pgaudit/pgaudit.git /usr/src/pgaudit && \
 #	cd /usr/src/pgaudit && \
 #	make install USE_PGXS=1 PG_CONFIG=/usr/lib/postgresql/$PG_MAJOR/bin/pg_config && \
-#	rm -rf /usr/src/pgaudit
+#	apt-get purge -y --auto-remove \
+#		build-essential \
+#		git \
+#		libssl-dev \
+#		libkrb5-dev \
+#	&& \
+#	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false && \
+#	rm -rf /var/lib/apt/lists/* /var/cache/* /var/log/* /usr/src/pgaudit
 
 # Install all locales
 RUN apt-get update && \
-	apt-get install -y --no-install-recommends locales-all
-
-RUN apt-get purge -y --auto-remove $(cat /build-deps.txt) && \
+	apt-get install -y --no-install-recommends locales-all && \
 	rm -rf /var/lib/apt/lists/* /var/cache/* /var/log/*
+
 USER 26
 
-FROM build-layer AS postgis
+FROM standard AS postgis
+USER root
 ARG POSTGIS_REPO=https://github.com/postgis/postgis.git
 ARG POSTGIS_BRANCH=master
 
 RUN apt-get update && \
 	apt-get install -y --no-install-recommends \
+		$(cat /build-deps.txt) \
+		# runtime deps
 		libproj25 \
 		libpq5 \
-		libgdal32 \
-		libgeos-c1v5 \
-		libsfcgal1 \
+		libgdal36 \
+		libgeos-c1t64 \
+		libsfcgal2 \
 	&& \
 	mkdir -p /usr/src/postgis && \
 	git clone -b "$POSTGIS_BRANCH" --single-branch "$POSTGIS_REPO" /usr/src/postgis && \
@@ -153,8 +168,8 @@ RUN apt-get update && \
 	./configure --with-pgconfig=/usr/lib/postgresql/$PG_MAJOR/bin/pg_config --with-sfcgal && \
 	make -j$(nproc) && \
 	make install && \
-	rm -rf /usr/src/postgis
+	apt-get purge -y --auto-remove $(cat /build-deps.txt) && \
+	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false && \
+	rm -rf /var/lib/apt/lists/* /var/cache/* /var/log/* /usr/src/postgis
 
-RUN apt-get purge -y --auto-remove $(cat /build-deps.txt) && \
-	rm -rf /var/lib/apt/lists/* /var/cache/* /var/log/*
 USER 26
diff --git a/build-deps.txt b/build-deps.txt
index 04001e0..e16527d 100644
--- a/build-deps.txt
+++ b/build-deps.txt
@@ -1,12 +1,11 @@
 autoconf
 automake
 bison
-libjson-c-dev
 build-essential
-clang-16
+clang-19
 cmake
-docbook-xml
 docbook5-xml
+docbook-xml
 flex
 gettext
 git
@@ -18,11 +17,12 @@ libgdal-dev
 libgeos-dev
 libgmp-dev
 libipc-run-perl
+libjson-c-dev
 libkrb5-dev
 libldap-dev
 liblz4-dev
+libnuma-dev
 libpam0g-dev
-libpcre3-dev
 libperl-dev
 libproj-dev
 libprotobuf-c-dev
@@ -34,10 +34,11 @@ libssl-dev
 libsystemd-dev
 libtiff-dev
 libtool
+liburing-dev
 libxml2-utils
 libxslt1-dev
 libzstd-dev
-llvm-16-dev
+llvm-19-dev
 pkg-config
 protobuf-c-compiler
 python3-dev
diff --git a/defaults.json b/defaults.json
index 6c0fd29..582f9ce 100644
--- a/defaults.json
+++ b/defaults.json
@@ -1,5 +1,5 @@
 {
-  "PG_IMAGE": "ghcr.io/cloudnative-pg/postgresql-trunk:19-minimal-bookworm",
+  "PG_IMAGE": "ghcr.io/cloudnative-pg/postgresql-trunk:19-minimal-trixie",
   "PG_MAJOR": 19,
   "CNPG_BRANCH": "main",
   "TEST_DEPTH": 4,