Adverties binding to 127.0.0.1 only

[jest]

In README you give an examples of using the image:

docker run -p 8192:8192 --name=polynote -d -t greglinscheid/polynote:latest

The problem is, this allows access from outside of the computer to port 8192, even if you think your firewall should catch it (in most cases; see https://github.com/moby/moby/issues/22054 for lengthy discussion)

More secure way is to expose -p 127.0.0.1:8192:8192, esp. as this allows to run arbitrary code in the container.