diff --git a/check_process b/check_process
index 43d9545..eea481a 100644
--- a/check_process
+++ b/check_process
@@ -1,8 +1,6 @@
 # See here for more informations
 # https://github.com/YunoHost/package_check#syntax-check_process-file
 
-# Move this file from check_process.default to check_process when you have filled it.
-
 ;; Test complet
     ; Manifest
         domain="domain.tld"	(DOMAIN)
@@ -22,9 +20,6 @@
         multi_instance=1
         port_already_use=0
         change_url=0
-;;; Levels
-	# If the level 5 (Package linter) is forced to 1. Please add justifications here.
-	Level 5=auto
 ;;; Options
 Email=anmol@datamol.org
 Notification=change
diff --git a/manifest.json b/manifest.json
index 578c278..43f94c9 100644
--- a/manifest.json
+++ b/manifest.json
@@ -15,7 +15,7 @@
         "url": "https://datamol.org"
     },
     "requirements": {
-        "yunohost": ">= 3.8.1"
+        "yunohost": ">= 4.0.0"
     },
     "multi_instance": true,
     "services": [
diff --git a/pull_request_template.md b/pull_request_template.md
index c96d9fa..6c28fc5 100644
--- a/pull_request_template.md
+++ b/pull_request_template.md
@@ -13,6 +13,4 @@
 
 ## Package_check results
 ---
-*If you have access to [App Continuous Integration for packagers](https://yunohost.org/#/packaging_apps_ci) you can provide a link to the package_check results like below, replacing '-NUM-' in this link by the PR number and USERNAME by your username on the ci-apps-dev. Or you provide a screenshot or a pastebin of the results*
-
-[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/firefly-iii_ynh%20PR-NUM-%20(USERNAME)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/firefly-iii_ynh%20PR-NUM-%20(USERNAME)/)  
+* An automatic package_check will be launch at https://ci-apps-dev.yunohost.org/, when you add a specific comment to your Pull Request: "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!"*
diff --git a/scripts/install b/scripts/install
index 63426ba..1e15eb1 100755
--- a/scripts/install
+++ b/scripts/install
@@ -168,8 +168,8 @@ popd
 ynh_script_progression --message="Securing files and directories..."
 
 # Set right permissions
-chown -R $app:$app $final_path
-chmod -R 775 ${final_path}/storage
+chown -R $app: $final_path
+chmod -R 775 $final_path/storage
 
 #=================================================
 # SETUP LOGROTATE
@@ -182,13 +182,14 @@ ynh_use_logrotate
 #=================================================
 # SETUP SSOWAT
 #=================================================
-ynh_script_progression --message="Configuring SSOwat..."
+ynh_script_progression --message="Configuring permissions..."
 
 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
-	# unprotected_uris allows SSO credentials to be passed anyway.
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+	# Everyone can access the app.
+	# The "main" permission is automatically created before the install script.
+	ynh_permission_update --permission="main" --add="visitors"
 fi
 
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index b6a6613..5ddfd8b 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -60,6 +60,13 @@ if [ -z "$final_path" ]; then
 	ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 fi
 
+# Cleaning legacy permissions
+if ynh_legacy_permissions_exists; then
+	ynh_legacy_permissions_delete_all
+
+	ynh_app_setting_delete --app=$app --key=is_public
+fi
+
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
@@ -150,7 +157,7 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
 #=================================================
 ynh_script_progression --message="Updating PHP dependencies..."
 
-chown -R "$app": "$final_path"
+chown -R $app: "$final_path"
 
 ynh_exec_warn_less ynh_install_composer --phpversion="$phpversion" --workdir="$final_path"
 
@@ -183,7 +190,6 @@ ynh_replace_string --match_string="changeme@example.com" --replace_string="$app@
 # ynh_replace_string --match_string="userprincipalname" --replace_string="uid" --target_file="$config"
 ynh_replace_string --match_string="localhost" --replace_string="$domain$path_url" --target_file="$config"
 
-
 # Recalculate and store the checksum of the file for the next upgrade.
 ynh_store_file_checksum --file="$config"
 
@@ -227,18 +233,6 @@ ynh_script_progression --message="Securing files and directories..."
 chown -R $app: $final_path
 chmod -R 775 ${final_path}/storage
 
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..."
-
-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
-    # unprotected_uris allows SSO credentials to be passed anyway
-    ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-fi
-
 #=================================================
 # RELOAD NGINX
 #=================================================