diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index fbf62c3..63b446e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -17,7 +17,7 @@ jobs: contents: write packages: write steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: "Configure git client" shell: bash run: | @@ -26,13 +26,13 @@ jobs: git config user.name "${{ github.actor }}" git config user.email "${{ github.actor }}@users.noreply.github.com" - - uses: docker/login-action@v3 + - uses: docker/login-action@v4 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 + - uses: docker/setup-qemu-action@v4 + - uses: docker/setup-buildx-action@v4 - name: "Is a release or a feature version needed?" id: define-changelog-validation shell: bash @@ -130,7 +130,7 @@ jobs: echo "tag=${tag}" >>"${GITHUB_OUTPUT}" fi - id: build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: context: src/main/docker load: true @@ -158,7 +158,7 @@ jobs: fi - name: Build and push if: steps.define-build.outputs.kind == 'publish' - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: context: src/main/docker platforms: linux/amd64,linux/arm64 diff --git a/CHANGELOG.md b/CHANGELOG.md index a50e02c..b541ef4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -18,6 +18,21 @@ Categories, defined in [changemap.json](.github/clq/changemap.json): - `Fixed` for any bugfixes. - `Security` in case of vulnerabilities. +## [2.4.0] - 2026-04-03 + +### Added + +- Introduce an optional `extensions` configuration in the `values.properties` file to specify additional Postgres extensions to be created. + The `pg_trgm` and `btree_gin` extensions are always included by default. + +### Fixed + +- Bump `actions/checkout` from 5 to 6 +- Bump `docker/build-push-action` from 6 to 7 +- Bump `docker/login-action` from 3 to 4 +- Bump `docker/setup-buildx-action` from 3 to 4 +- Bump `alpine` from 3.20 to 3.23 + ## [2.3.0] - 2026-01-22 ### Added diff --git a/README.md b/README.md index e6153f4..89a2e7b 100644 --- a/README.md +++ b/README.md @@ -24,12 +24,13 @@ A property file, it contains un-escaped values to define the database to be crea Keys and values are separated with a `=`. Comment lines, starting with a `#`, are ignored. -| Property | Required | Description | -| ---------------------- | -------- | ---------------------------------------------- | -| database_name | yes | Name of the database | -| database_owner | yes | Name of the database owner | -| database_owner_passwor | yes | Password for the database owner | -| connection_limit | no | Initial connection cout limit, defaults to 100 | +| Property | Required | Description | +|-------------------------|----------|-------------------------------------------------------------------------------------------------------| +| database_name | yes | Name of the database | +| database_owner | yes | Name of the database owner | +| database_owner_password | yes | Password for the database owner | +| connection_limit | no | Initial connection count limit, defaults to 100 | +| extensions | no | Comma-separated names of Postgres extensions to create; `pg_trgm` and `btree_gin` are always included | Mount the file at `/home/values.properties`. 
@@ -40,9 +41,8 @@ A property file, it contains un-escaped values for the master user name and pass Keys and values are separated with a `=`. Comment lines, starting with a `#`, are ignored. - | Property | Required | Description | -| ---------- | -------- | ---------------------------- | +|------------|----------|------------------------------| | PGUSER | yes | Name of the master user | | PGPASSWORD | yes | Password for the master user | @@ -61,12 +61,13 @@ Mount the file at `/home/.pgpass`. ```shell docker buildx build src/main/docker --tag arda-cards/postgres-database-initializer ``` + Alternative: + ```shell make build ``` - # How to test ```shell @@ -74,6 +75,7 @@ docker compose -f src/test/docker/compose.yaml up --renew-anon-volumes ``` Alternative: + ```shell make test ``` @@ -85,9 +87,11 @@ Then inspect the log. The script `tests.sh` runs all the integration tests. The *clean build* command is + ```shell docker system prune --volumes --force; ./tests.sh ``` + The command purges the local docker installation from any temporary images, volumes, ... # How to use diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile index ebea737..ba89fcf 100644 --- a/src/main/docker/Dockerfile +++ b/src/main/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.20 +FROM alpine:3.23 RUN apk add --update --no-cache postgresql16-client diff --git a/src/main/docker/create.sql b/src/main/docker/create.sql index b3ad9c7..acc8ff0 100644 --- a/src/main/docker/create.sql +++ b/src/main/docker/create.sql 
@@ -58,10 +58,10 @@ GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO :"database_role"; -- Create extensions as the current psql user (typically a superuser) after connecting to the database. -- This is done here because creating these extensions requires superuser privileges that the application roles do not have. --- Enable pg_trgm extension for fuzzy string matching -CREATE EXTENSION IF NOT EXISTS pg_trgm; --- Enable btree_gin extension for types other than Strings. -CREATE EXTENSION IF NOT EXISTS btree_gin; +SELECT format('CREATE EXTENSION IF NOT EXISTS %I', btrim(extension_name)) +FROM regexp_split_to_table(:'extensions', ',') AS extension_name +WHERE btrim(extension_name) <> '' +\gexec -- Revoke the ability to drop the database or create new users REVOKE CREATE ON DATABASE :"database_name" FROM :"database_owner"; diff --git a/src/main/docker/entrypoint.sh b/src/main/docker/entrypoint.sh index cf3037d..f7f2152 100755 --- a/src/main/docker/entrypoint.sh +++ b/src/main/docker/entrypoint.sh 
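Review bot: The new `SELECT … \gexec` runs `CREATE EXTENSION` for every name in `:'extensions'` with the connecting user's privileges, which the context comment describes as typically a superuser, so the properties file now decides which extension code gets installed, and create.sql itself places no limit on that list. `format('%I', …)` and `:'extensions'` keep a name from being interpreted as SQL, but the only restriction on which extensions may be requested is the name-shape check in entrypoint.sh. I would say so above the `SELECT`, e.g. `-- Names come from values.properties and are created with the connecting role's privileges; treat that file as privileged configuration.`, and keep the removed one-line explanations of why pg_trgm and btree_gin are always present. If create.sql is ever run without `extensions` being set, psql leaves `:'extensions'` unsubstituted and the statement fails, so a comment noting that entrypoint.sh always defines it would also help.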
@@ -26,20 +26,37 @@ else # Handle escaped colons (\:) and backslashes (\\) in .pgpass bs_ph="" cl_ph="" - pg_user="$(grep -v -e '^#' ${PGPASSFILE} | \ - sed -e "s/\\\\\\\\/${bs_ph}/g" -e "s/\\\\:/${cl_ph}/g" | \ - cut -d : -f 4 | \ + pg_user="$(grep -v -e '^#' ${PGPASSFILE} | + sed -e "s/\\\\\\\\/${bs_ph}/g" -e "s/\\\\:/${cl_ph}/g" | + cut -d : -f 4 | sed -e "s/${cl_ph}/:/g" -e "s/${bs_ph}/\\\\/g")" fi chmod -f 0600 ${PGPASSFILE} readonly values=/home/values.properties +normalized_extensions= +for extension in $( + echo "pg_trgm,btree_gin,$(sed -n -e 's/^extensions=//p' "${values}")" | + awk -F',' '{ for (i = 1; i <= NF; i++) { gsub(/^[[:space:]]+|[[:space:]]+$/, "", $i); if ($i != "") print $i } }' | + sort -u \ + ); do + if ! printf '%s' "${extension}" | grep -Eq '^[A-Za-z_][A-Za-z0-9_]*$'; then + echo "Invalid extension name: ${extension}" + exit 1 + fi + if [ -n "${normalized_extensions}" ]; then + normalized_extensions="${normalized_extensions},${extension}" + else + normalized_extensions="${extension}" + fi +done { echo "\set database_name '$(sed -n -e 's/^database_name=//p' "${values}")'" echo "\set database_owner '$(sed -n -e 's/^database_owner=//p' "${values}")'" echo "\set database_owner_password '$(sed -n -e 's/^database_owner_password=//p' "${values}")'" connection_limit=$(sed -n -e 's/^connection_limit=//p' "${values}" | cut -d = -f 2) echo "\set connection_limit ${connection_limit:-100}" + echo "\set extensions '${normalized_extensions}'" } >/home/values.sql command=/home/create.sql diff --git a/src/test/docker/test_all.sql b/src/test/docker/test_all.sql index 32c1f7f..2639145 100644 --- a/src/test/docker/test_all.sql +++ b/src/test/docker/test_all.sql 
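Review bot: The validation pattern in the new loop, `^[A-Za-z_][A-Za-z0-9_]*$`, does not line up with how create.sql consumes the list. Upper-case letters pass here, but `format('%I', …)` quotes any name that is not all lower-case, so `PG_TRGM` would be looked up case-sensitively and fail, and `sort -u` would not merge it with the default `pg_trgm`; a hyphenated name such as `uuid-ossp` is rejected outright although `%I` would quote it safely. Consider folding to lower case before `sort -u` and validating with `^[a-z_][a-z0-9_-]*$`. The unquoted `$( … )` in the `for` header is also subject to pathname expansion, so an entry such as `*` is replaced by file names from the working directory before it is validated; `set -f` ahead of the loop, or a `while IFS= read -r extension` loop, avoids that. The rejection message belongs on stderr: `echo "Invalid extension name: ${extension}" >&2`.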
@@ -15,3 +15,17 @@ BEGIN END IF; END; $$; + +DO $$ +BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_trgm') THEN + RAISE EXCEPTION 'Extension pg_trgm was not created'; + END IF; + IF NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'btree_gin') THEN + RAISE EXCEPTION 'Extension btree_gin was not created'; + END IF; + IF NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'btree_gist') THEN + RAISE EXCEPTION 'Extension btree_gist was not created'; + END IF; +END; +$$; diff --git a/src/test/docker/values_all.properties b/src/test/docker/values_all.properties index 005d58d..19b385a 100644 --- a/src/test/docker/values_all.properties +++ b/src/test/docker/values_all.properties @@ -2,3 +2,4 @@ database_name=test_db_all database_owner=test_db_all_owner database_owner_password=test_db_all_owner_pwd connection_limit=25 +extensions=pg_trgm, btree_gist
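Review bot: The added `DO` block covers only the success path (the two defaults plus `btree_gist` from `extensions=pg_trgm, btree_gist`), and nothing visible in this commit exercises the `Invalid extension name` branch that entrypoint.sh now has. Since that check is the only gate on what gets created with elevated privileges, a negative case would be worth adding: a properties file with a malformed `extensions` value, with the test expecting the initializer to exit non-zero and no database to be created. A case where the `extensions` key is absent would also confirm the defaults still apply, unless an existing test outside this diff already covers it. The three `IF NOT EXISTS` checks could be one `FOREACH` over an array of names, which would make further cases a one-word change.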