diff --git a/charts/collab/Chart.yaml b/charts/collab/Chart.yaml index 74b0e6a..5483e7b 100644 --- a/charts/collab/Chart.yaml +++ b/charts/collab/Chart.yaml @@ -3,7 +3,7 @@ name: codetogether-collab description: CodeTogether Collab type: application -version: 1.2.3 +version: 1.2.4 appVersion: "2025.1.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png diff --git a/charts/collab/templates/deployment.yaml b/charts/collab/templates/deployment.yaml index eb2332e..c5f8342 100644 --- a/charts/collab/templates/deployment.yaml +++ b/charts/collab/templates/deployment.yaml @@ -253,7 +253,8 @@ spec: - name: codetogether-runtime emptyDir: {} - name: codetogether-tmp - emptyDir: {} + emptyDir: + medium: Memory {{- else if .Values.favicon.enabled }} volumes: - name: favicon-volume diff --git a/charts/collab/values.yaml b/charts/collab/values.yaml index 9a663bd..45f712c 100644 --- a/charts/collab/values.yaml +++ b/charts/collab/values.yaml @@ -211,12 +211,12 @@ serviceAccount: podAnnotations: {} -securityContext: {} #defaults to +securityContext: {} #defaults # capabilities: # drop: # - ALL - # runAsNonRoot: true # readOnlyRootFilesystem: true # enable for read-only setup + # runAsNonRoot: true # runAsUser: 0 # Use '0' for root user for read-only setup readinessProbe: diff --git a/charts/intel/Chart.yaml b/charts/intel/Chart.yaml index 0e2f3cd..72f3c89 100644 --- a/charts/intel/Chart.yaml +++ b/charts/intel/Chart.yaml @@ -3,7 +3,7 @@ name: codetogether-intel description: CodeTogether Intel provides advanced project insights for developers type: application -version: 1.2.6 +version: 1.2.7 appVersion: "2025.3.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png diff --git a/charts/intel/templates/deployment.yaml b/charts/intel/templates/deployment.yaml index 3ccea51..e3fd996 100644 --- a/charts/intel/templates/deployment.yaml +++ b/charts/intel/templates/deployment.yaml 
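Review bot: The memory-backed `codetogether-tmp` volume in the `@@ -253,7 +253,8 @@` hunk of charts/collab/templates/deployment.yaml has no `sizeLimit`, so everything written to it sits in node RAM and is charged to the container's memory accounting. A runaway or hostile writer can then push the pod into an OOM kill or put pressure on the node. I would add a bound directly under `medium: Memory`, for example `sizeLimit: 64Mi` (a constructed value; size it to the workload or expose it through values.yaml). The same applies to the `codetogether-tmp` volume added in the `@@ -181,16 +177,14 @@` hunk of charts/intel/templates/deployment.yaml. The volumes list itself starts outside this hunk.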
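Review bot: The commented `securityContext` defaults in the `@@ -211,12 +211,12 @@` hunk of charts/collab/values.yaml now place `runAsNonRoot: true` directly above `runAsUser: 0`. An operator who uncomments the block as written gets a container the kubelet refuses to start, because UID 0 fails the non-root check. The comments should present the two as alternatives and say which one the read-only setup needs, for example `# runAsNonRoot: true  # leave out when runAsUser is 0` (suggested wording). If root really is required for the read-only setup, a short reason next to `runAsUser: 0` would help operators working under a restricted pod security policy. The `@@ -138,9 +138,8 @@` hunk of charts/intel/values.yaml has the same pairing, and its remark `# false for non-root user` reads inverted.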
@@ -26,17 +26,6 @@ spec: imagePullSecrets: - name: {{ include "codetogether.fullname" . }}-pull-secret {{- end }} - {{- if .Values.readOnlyMode.enabled }} - initContainers: - - name: prepare-ro - image: busybox:latest - securityContext: - runAsUser: 0 - command: ["sh", "-lc", "mkdir -p /mnt/volatile/var-log-nginx /mnt/volatile/var-cache-nginx /mnt/var/log-codetogether || true"] - volumeMounts: - - name: volatile - mountPath: /mnt/volatile - {{- end }} serviceAccountName: {{ include "codetogether.serviceAccountName" . }} containers: - name: {{ .Chart.Name }} @@ -110,6 +99,7 @@ spec: key: apiKey {{- end }} {{- end }} +{{- if .Values.securityContext.readOnlyRootFilesystem }} volumeMounts: - name: properties-volume mountPath: /opt/codetogether/runtime/cthq.properties @@ -119,20 +109,26 @@ spec: mountPath: /etc/ssl/certs/java/cacerts subPath: cacerts {{- end }} - {{- if .Values.readOnlyMode.enabled }} - - name: volatile - mountPath: /run/volatile - - name: run - mountPath: /run - - name: tmp - mountPath: /tmp - - name: volatile - mountPath: /var/log/nginx - subPath: var-log-nginx - - name: volatile - mountPath: /var/cache/nginx - subPath: var-cache-nginx + # Read-only root FS mounts + - mountPath: /run + name: codetogether-runtime + - mountPath: /tmp + name: codetogether-tmp + - mountPath: /var/log/nginx + name: codetogether-runtime + - mountPath: /var/cache/nginx + name: codetogether-runtime +{{- else }} + volumeMounts: + - name: properties-volume + mountPath: /opt/codetogether/runtime/cthq.properties + subPath: cthq.properties + {{- if .Values.java.customCacerts.enabled }} + - name: java-cacerts + mountPath: /etc/ssl/certs/java/cacerts + subPath: cacerts {{- end }} +{{- end }} ports: - name: http containerPort: 1080 
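Review bot: In the read-only branch of the `@@ -119,20 +109,26 @@` hunk, `/run`, `/var/log/nginx` and `/var/cache/nginx` all mount the `codetogether-runtime` emptyDir with no `subPath`, so the three paths are one directory. nginx logs and cache entries therefore appear under `/run`, alongside whatever runtime files the image keeps there. The removed lines kept them apart with `subPath: var-log-nginx` and `subPath: var-cache-nginx`; either restore a `subPath` per mount or give each path its own emptyDir in the volumes hunk further down. Separately, the `{{- else }}` branch repeats the `properties-volume` and `java-cacerts` mounts verbatim; keeping those unconditional and wrapping only the four read-only mounts in the `if` would stop the two copies drifting apart. The container spec continues outside the hunk.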
@@ -181,16 +177,14 @@ spec: secret: secretName: {{ .Values.java.customCacerts.cacertsSecretName }} {{- end }} - {{- if .Values.readOnlyMode.enabled }} - - name: volatile +{{- if .Values.securityContext.readOnlyRootFilesystem }} + - name: codetogether-runtime emptyDir: {} - - name: run - emptyDir: - medium: Memory - - name: tmp + - name: codetogether-tmp emptyDir: medium: Memory - {{- end }} +{{- end }} + {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} @@ -202,4 +196,4 @@ spec: {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/charts/intel/values.yaml b/charts/intel/values.yaml index a0378cb..0405873 100644 --- a/charts/intel/values.yaml +++ b/charts/intel/values.yaml @@ -138,9 +138,8 @@ securityContext: {} #defaults to # drop: # - ALL #readOnlyRootFilesystem: true # enable for read-only setup - #runAsUser: 0 # Use '0' for root user for read-only setup - # runAsNonRoot: true - # runAsUser: 1000 + # runAsNonRoot: true # false for non-root user + # runAsUser: 0 # Use '0' for root user for read-only setup ai: enabled: false @@ -180,7 +179,4 @@ tolerations: [] affinity: {} -replicaCount: 1 - -readOnlyMode: - enabled: false # Set to 'true' to enable read-only mode \ No newline at end of file +replicaCount: 1 \ No newline at end of file