diff --git a/README.md b/README.md
index 089e6e6..2d5a746 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
 Kresus is an open-source libre self-hosted personal finance manager. It allows you to safely track your banking history, check your overall balance and know exactly how you are spending money using categories!
 
 
-**Shipped version:** 0.17.4~ynh2
+**Shipped version:** 0.18.1~ynh3
 
 ## Screenshots
 
diff --git a/README_fr.md b/README_fr.md
index dfa063f..d71b229 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -5,7 +5,7 @@ It shall NOT be edited by hand.
 
 # Kresus pour YunoHost
 
-[![Niveau d'intégration](https://dash.yunohost.org/integration/kresus.svg)](https://dash.yunohost.org/appci/app/kresus) ![Status du fonctionnement](https://ci-apps.yunohost.org/ci/badges/kresus.status.svg) ![Status de maintenance](https://ci-apps.yunohost.org/ci/badges/kresus.maintain.svg)  
+[![Niveau d'intégration](https://dash.yunohost.org/integration/kresus.svg)](https://dash.yunohost.org/appci/app/kresus) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/kresus.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/kresus.maintain.svg)  
 [![Installer Kresus avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=kresus)
 
 *[Read this readme in english.](./README.md)*
@@ -17,7 +17,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
 
 Kresus est un gestionnaire de finances personnelles gratuit et libre qui tourne sur votre serveur. Il récupère automatiquement et quotidiennement toutes vos nouvelles transactions bancaires et vous permet de les catégoriser, étudier via des graphiques, et établir un budget.
 
-**Version incluse :** 0.17.4~ynh2
+**Version incluse :** 0.18.1~ynh3
 
 ## Captures d'écran
 
diff --git a/check_process b/check_process
index ebb5e64..90cf11b 100644
--- a/check_process
+++ b/check_process
@@ -19,4 +19,3 @@
 ;;; Options
 Email=
 Notification=all
-;;; Upgrade options
diff --git a/conf/app.src b/conf/app.src
index df70627..3bf7bfb 100644
--- a/conf/app.src
+++ b/conf/app.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://framagit.org/kresusapp/kresus/-/archive/0.17.4/kresus-0.17.4.tar.bz2
-SOURCE_SUM=bf08050b9f704c5727f2e6a8410f2a2914f589372a2de539c429fd1fec0e7613
+SOURCE_URL=https://framagit.org/kresusapp/kresus/-/archive/0.18.1/kresus-0.18.1.tar.bz2
+SOURCE_SUM=3a32a3c78a3b724fd186ad212e743894872a0a7aee6efa8f02c454a76973e1ed
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.bz2
 SOURCE_IN_SUBDIR=true
diff --git a/conf/nginx.conf b/conf/nginx.conf
index e8a0e30..023598e 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,27 +1,27 @@
 #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
 location __PATH__/ {
 
-	alias __FINALPATH__/build/client/;
-        try_files $uri $uri/index.html @kresus;
+  alias __FINALPATH__/build/client/;
+  try_files $uri $uri/index.html @kresus;
 
-	# Include SSOWAT user panel.
-	include conf.d/yunohost_panel.conf.inc;
+  # Include SSOWAT user panel.
+  include conf.d/yunohost_panel.conf.inc;
 }
 
 location ~ __PATH__/\.(css|js|png|jpe?g|svg|eot|woff2?)$ {
-	more_set_headers 'Cache-Control: max-age=2592000, must-revalidate, public';
-	gzip_types text/plain text/css application/javascript text/javascript;
-	try_files $uri $uri/index.html @kresus;
+  more_set_headers 'Cache-Control: max-age=2592000, must-revalidate, public';
+  gzip_types text/plain text/css application/javascript text/javascript;
+  try_files $uri $uri/index.html @kresus;
 }
 
 location @kresus {
-	client_max_body_size  8M;
-	send_timeout          600;
-	proxy_connect_timeout 600;
-	proxy_send_timeout    600;
-	proxy_read_timeout    600;
-	proxy_set_header      Host $host;
+  client_max_body_size  8M;
+  send_timeout          600;
+  proxy_connect_timeout 600;
+  proxy_send_timeout    600;
+  proxy_read_timeout    600;
+  proxy_set_header      Host $host;
 
-	proxy_pass http://127.0.0.1:__PORT__;
-	proxy_redirect off;
+  proxy_pass http://127.0.0.1:__PORT__;
+  proxy_redirect off;
 }
diff --git a/conf/systemd.service b/conf/systemd.service
index 78f9d9b..c7bc558 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -6,18 +6,44 @@ After=syslog.target network.target
 Type=simple
 User=__APP__
 Group=__APP__
-WorkingDirectory=__FINALPATH__
-Environment="PATH=__YNH_NODE_LOAD_PATH__"
+WorkingDirectory=__FINALPATH__/
+Environment="__YNH_NODE_LOAD_PATH__"
 Environment=NODE_ENV=production
 ExecStart=__FINALPATH__/bin/kresus.js --config __FINALPATH__/config.ini
 Restart=always
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=__APP__
+# /var/log is implied
+LogsDirectory=__APP__
+
+AmbientCapabilities=
+CapabilityBoundingSet=
+LockPersonality=true
+#Not compatible with NodeJS
+#MemoryDenyWriteExecute=true
 NoNewPrivileges=true
 PrivateDevices=true
 PrivateTmp=true
+PrivateUsers=true
+ProtectClock=true
+ProtectControlGroups=true
 ProtectHome=true
+ProtectHostname=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=invisible
 ProtectSystem=strict
-ProtectControlGroups=yes
-ProtectKernelModules=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=true
+RestrictRealtime=true
+RestrictSUIDSGID=true
+#SecureBits=noroot-locked
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+
 # to allow this systemd service to use sendmail.
 # references:
 #  https://bugs.archlinux.org/task/57721
@@ -26,9 +52,6 @@ ProtectKernelModules=yes
 SupplementaryGroups=postdrop
 ReadWritePaths=__FINALPATH__/config.ini __FINALPATH__/data/ /var/spool/postfix/maildrop/
 
-StandardOutput=syslog
-StandardError=syslog
-SyslogIdentifier=__APP__
 
 [Install]
 WantedBy=multi-user.target
diff --git a/manifest.json b/manifest.json
index ef7e6e8..e06ddb5 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
         "en": "Personal finance manager",
         "fr": "Outil personnel de gestion de finances"
     },
-    "version": "0.17.4~ynh2",
+    "version": "0.18.1~ynh3",
     "url": "https://framagit.org/kresusapp/kresus",
     "upstream": {
         "license": "free",
diff --git a/scripts/backup b/scripts/backup
index a9dd460..37a5e95 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -15,7 +15,7 @@ source /usr/share/yunohost/helpers
 #=================================================
 
 ynh_clean_setup () {
-	ynh_clean_check_starting
+	true
 }
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
diff --git a/scripts/install b/scripts/install
index d807374..7e5b528 100644
--- a/scripts/install
+++ b/scripts/install
@@ -29,6 +29,8 @@ architecture=$YNH_ARCH
 
 app=$YNH_APP_INSTANCE_NAME
 
+salt=$(ynh_string_random --length=40)
+
 #=================================================
 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
 #=================================================
@@ -53,6 +55,7 @@ ynh_script_progression --message="Storing installation settings..."
 
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
+ynh_app_setting_set --app=$app --key=salt --value=$salt
 
 #=================================================
 # STANDARD MODIFICATIONS
@@ -61,12 +64,10 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url
 #=================================================
 ynh_script_progression --message="Finding an available port..."
 
+# Find an available port
 port=$(ynh_find_port --port=9876)
 ynh_app_setting_set --app=$app --key=port --value=$port
 
-salt=$(ynh_string_random --length=40)
-ynh_app_setting_set --app=$app --key=salt --value=$salt
-
 #=================================================
 # INSTALL DEPENDENCIES
 #=================================================
@@ -104,7 +105,7 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$final_path"
 
-mkdir "$final_path/data"
+mkdir -p "$final_path/data"
 
 chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
@@ -132,8 +133,9 @@ virtualenv --python=python3 --system-site-packages "${final_path}/venv"
 	set -o nounset
 
 	pip install --upgrade pip
-	pip install woob html2text simplejson BeautifulSoup4 PyExecJS pdfminer.six --ignore-installed
+	pip install woob html2text simplejson BeautifulSoup4 PyExecJS typing-extensions pdfminer.six --ignore-installed
 )
+chown -R $app:www-data "$final_path"
 
 #=================================================
 # INTSALL KRESUS WITH NPM
@@ -143,10 +145,9 @@ ynh_script_progression --message="Installing app..."
 ynh_use_nodejs
 (
 	cd "$final_path"
-	chown -R "$app": "$final_path"
-
 	ynh_exec_warn_less $ynh_npm install --production --unsafe-perm
 )
+chown -R $app:www-data "$final_path"
 
 #=================================================
 # ADD A CONFIGURATION
diff --git a/scripts/remove b/scripts/remove
index b975466..62bcce7 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -81,8 +81,8 @@ ynh_remove_nginx_config
 ynh_script_progression --message="Removing dependencies..."
 
 # Remove metapackage and its dependencies
-ynh_remove_app_dependencies
 ynh_remove_nodejs
+ynh_remove_app_dependencies
 
 #=================================================
 # SPECIFIC REMOVE
diff --git a/scripts/restore b/scripts/restore
index de39e0c..ff44581 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -14,6 +14,9 @@ source /usr/share/yunohost/helpers
 # MANAGE SCRIPT FAILURE
 #=================================================
 
+ynh_clean_setup () {
+	ynh_clean_check_starting
+}
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors
 
@@ -29,7 +32,6 @@ path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
-db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 salt=$(ynh_app_setting_get --app=$app --key=salt)
 
 #=================================================
@@ -49,13 +51,6 @@ test ! -d $final_path \
 
 #=================================================
 # STANDARD RESTORATION STEPS
-#=================================================
-# RESTORE THE NGINX CONFIGURATION
-#=================================================
-ynh_script_progression --message="Restoring the NGINX web server configuration..."
-
-ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
-
 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
@@ -89,15 +84,21 @@ ynh_script_progression --message="Reinstalling dependencies..."
 ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
 ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
 
+#=================================================
+# RESTORE THE NGINX CONFIGURATION
+#=================================================
+ynh_script_progression --message="Restoring the NGINX web server configuration..."
+
+ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+
 #=================================================
 # RESTORE THE POSTGRESQL DATABASE
 #=================================================
 ynh_script_progression --message="Restoring the PostgreSQL database..."
 
 ynh_psql_test_if_first_run
-ynh_print_OFF
+db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
-ynh_print_ON
 ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name
 
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 6c4a21a..f86f45d 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -40,6 +40,7 @@ ynh_script_progression --message="Backing up the app before upgrading (may take
 # Backup the current version of the app
 ynh_backup_before_upgrade
 ynh_clean_setup () {
+	ynh_clean_check_starting
 	# Restore it if the upgrade fails
 	ynh_restore_upgradebackup
 }
@@ -117,14 +118,6 @@ chmod 750 "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"
 
-#=================================================
-# NGINX CONFIGURATION
-#=================================================
-ynh_script_progression --message="Upgrading NGINX web server configuration..."
-
-# Create a dedicated NGINX config
-ynh_add_nginx_config
-
 #=================================================
 # UPGRADE DEPENDENCIES
 #=================================================
@@ -142,6 +135,14 @@ then
 	db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 fi
 
+#=================================================
+# NGINX CONFIGURATION
+#=================================================
+ynh_script_progression --message="Upgrading NGINX web server configuration..."
+
+# Create a dedicated NGINX config
+ynh_add_nginx_config
+
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================
@@ -157,8 +158,9 @@ virtualenv --python=python3 --system-site-packages "${final_path}/venv"
 	set -o nounset
 
 	pip install --upgrade pip
-	pip install woob html2text simplejson BeautifulSoup4 PyExecJS pdfminer.six --ignore-installed
+	pip install woob html2text simplejson BeautifulSoup4 PyExecJS typing-extensions pdfminer.six --ignore-installed
 )
+chown -R $app:www-data "$final_path"
 
 #=================================================
 # INSTALL KRESUS WITH NPM
@@ -168,7 +170,6 @@ ynh_script_progression --message="Installing app..."
 ynh_use_nodejs
 (
 	cd "$final_path"
-	chown -R $app: "$final_path"
 
 	# In case of nodejs upgrade, remove the current node_modules to make sure there are no errors
 	# linked to modules compiled for the previous version.
@@ -176,6 +177,7 @@ ynh_use_nodejs
 
 	ynh_exec_warn_less $ynh_npm install --production --unsafe-perm
 )
+chown -R $app:www-data "$final_path"
 
 #=================================================
 # UPDATE A CONFIG FILE