diff --git a/.docker-base/Dockerfile b/.docker-base/Dockerfile
index 7dbf1794d249872005246589b2f9213fdf93e46a..da6e37cdd2f67bdda7956075dec9506ea2947304 100644
--- a/.docker-base/Dockerfile
+++ b/.docker-base/Dockerfile
@@ -1,5 +1,5 @@
 # Use docker as parent image
-FROM docker:19.03.0
+FROM docker:20.10.3
 
 # http://bugs.python.org/issue19846
 ENV LANG C.UTF-8
@@ -9,6 +9,37 @@ RUN apk add --no-cache py3-pip python3 python3-dev gcc make \
     git bash curl gettext  py3-requests 
 RUN apk add --no-cache libffi-dev openssl-dev libc-dev libxslt libxslt-dev \
     libxml2 libxml2-dev
+RUN apk add --no-cache ca-certificates
+
+# install rust (needed for compiling a docker-compose dependency)
+# This is necessary until alpine comes with an up to date RUST
+# copied from https://github.com/rust-lang/docker-rust/blob/bbc7feb12033da3909dced4e88ddbb6964fbc328/1.50.0/alpine3.13/Dockerfile
+
+ENV RUSTUP_HOME=/usr/local/rustup \
+    CARGO_HOME=/usr/local/cargo \
+    PATH=/usr/local/cargo/bin:$PATH \
+    RUST_VERSION=1.50.0
+
+RUN set -eux; \
+    apkArch="$(apk --print-arch)"; \
+    case "$apkArch" in \
+        x86_64) rustArch='x86_64-unknown-linux-musl'; rustupSha256='05c5c05ec76671d73645aac3afbccf2187352fce7e46fc85be859f52a42797f6' ;; \
+        aarch64) rustArch='aarch64-unknown-linux-musl'; rustupSha256='6a8a480d8d9e7f8c6979d7f8b12bc59da13db67970f7b13161ff409f0a771213' ;; \
+        *) echo >&2 "unsupported architecture: $apkArch"; exit 1 ;; \
+    esac; \
+    url="https://static.rust-lang.org/rustup/archive/1.23.1/${rustArch}/rustup-init"; \
+    wget "$url"; \
+    echo "${rustupSha256} *rustup-init" | sha256sum -c -; \
+    chmod +x rustup-init; \
+    ./rustup-init -y --no-modify-path --profile minimal --default-toolchain $RUST_VERSION --default-host ${rustArch}; \
+    rm rustup-init; \
+    chmod -R a+w $RUSTUP_HOME $CARGO_HOME; \
+    rustup --version; \
+    cargo --version; \
+    rustc --version;
+
+
+RUN pip3 install wheel
 RUN pip3 install docker-compose==1.25
 
 # Script for waiting on LA server
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4f99d127ddd22f6133c5942d4c8e46c6af1a725e..20260afc156cba26e68d792740b4e5153555d2a5 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -79,7 +79,7 @@ stages:
 # file-system features.
 #
 services:
-  - docker:19.03.0-dind
+  - docker:20.10.3-dind
 
 test:
   tags: [docker]
diff --git a/tests/test_issues_server.py b/tests/test_issues_server.py
index b5c16cb0edc031ac865e57a5bb84874447566481..0eb2129648e9f43901824bd3c3bf413df9f9375c 100644
--- a/tests/test_issues_server.py
+++ b/tests/test_issues_server.py
@@ -29,8 +29,8 @@ import tempfile
 import time
 
 import caosdb as db
-from caosdb.exceptions import TransactionError
 import pytest
+from caosdb.exceptions import TransactionError
 
 
 def setup_module():
@@ -199,3 +199,37 @@ def test_issue_110():
     print(result[0])
     print(a1)
     assert result[0].id == a1.id
+
+
+def test_issue_120():
+    """Editing entities that were created with a no longer existing user leads
+    to a server error.
+
+    The server should throw an error when CHECK_ENTITY_ACL_ROLES_MODE=MUST,
+    otherwise a warning.
+    """
+    # insert an entity
+    entity = db.RecordType("TestRT").insert(flags={"ACL": None})
+
+    db.administration.set_server_property("CHECK_ENTITY_ACL_ROLES_MODE",
+                                          "SHOULD")
+    # update with non-existing user, realm and role
+    entity.deny(
+        realm="CaosDB",
+        username="NON_EXISTING_USER",
+        permission="USE:AS_REFERENCE")
+    entity.update(flags={"ACL": None})
+    assert entity.messages["Warning", 1104][0] == "User Role does not exist."
+
+    entity.deny(
+        realm="NON_EXISTING_REALM",
+        username="NON_EXISTING_USER",
+        permission="USE:AS_REFERENCE")
+    entity.update(flags={"ACL": None})
+    assert entity.messages["Warning", 1104][0] == "User Role does not exist."
+
+    entity.deny(
+        role="ALSO_NON_EXISTING_ROLE",
+        permission="USE:AS_REFERENCE")
+    entity.update(flags={"ACL": None})
+    assert entity.messages["Warning", 1104][0] == "User Role does not exist."
diff --git a/tests/test_server_side_scripting.py b/tests/test_server_side_scripting.py
index 96172dd2fcbe8bfbe6fce1f2ca1494e410c561d6..d3ce2e7145976c386accdd744b436f6b2d83a154 100644
--- a/tests/test_server_side_scripting.py
+++ b/tests/test_server_side_scripting.py
@@ -395,6 +395,7 @@ def test_anonymous_script_calling_success():
     assert xml.xpath("/Response/script/@code")[0] == "0"
 
 
+@mark.local_server
 def test_evil_path():
     subdir = os.path.join(_SERVER_SIDE_SCRIPTING_BIN_DIR_LOCAL, "subdir")
     if not os.path.exists(subdir):