diff --git a/ALL_README.md b/ALL_README.md
index a01b345..152f2e7 100644
--- a/ALL_README.md
+++ b/ALL_README.md
@@ -1,6 +1,7 @@
# All available README files by language
- [Read the README in English](README.md)
+- [Lea el README en español](README_es.md)
- [Irakurri README euskaraz](README_eu.md)
- [Lire le README en français](README_fr.md)
- [Le o README en galego](README_gl.md)
diff --git a/README.md b/README.md
index 45ebb4f..bd89422 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ It shall NOT be edited by hand.
SimpleX - the first messaging platform operating without user identifiers of any kind - 100% private by design! iOS and Android apps are released.
-**Shipped version:** 5.6.2~ynh1
+**Shipped version:** 5.8.0~ynh1
## Screenshots
diff --git a/README_es.md b/README_es.md
new file mode 100644
index 0000000..1b5d2ac
--- /dev/null
+++ b/README_es.md
@@ -0,0 +1,47 @@
+
+
+# SimpleX para Yunohost
+
+[](https://dash.yunohost.org/appci/app/simplex)  
+
+[](https://install-app.yunohost.org/?app=simplex)
+
+*[Leer este README en otros idiomas.](./ALL_README.md)*
+
+> *Este paquete le permite instalarSimpleX rapidamente y simplement en un servidor YunoHost.*
+> *Si no tiene YunoHost, visita [the guide](https://yunohost.org/install) para aprender como instalarla.*
+
+## Descripción general
+
+SimpleX - the first messaging platform operating without user identifiers of any kind - 100% private by design! iOS and Android apps are released.
+
+**Versión actual:** 5.8.0~ynh1
+
+## Capturas
+
+
+
+## Documentaciones y recursos
+
+- Sitio web oficial:
+- Documentación administrador oficial:
+- Repositorio del código fuente oficial de la aplicación :
+- Catálogo YunoHost:
+- Reportar un error:
+
+## Información para desarrolladores
+
+Por favor enviar sus correcciones a la [`branch testing`](https://github.com/YunoHost-Apps/simplex_ynh/tree/testing
+
+Para probar la rama `testing`, sigue asÍ:
+
+```bash
+sudo yunohost app install https://github.com/YunoHost-Apps/simplex_ynh/tree/testing --debug
+o
+sudo yunohost app upgrade simplex -u https://github.com/YunoHost-Apps/simplex_ynh/tree/testing --debug
+```
+
+**Mas informaciones sobre el empaquetado de aplicaciones:**
diff --git a/README_eu.md b/README_eu.md
index 3fa64f1..8bf4a14 100644
--- a/README_eu.md
+++ b/README_eu.md
@@ -18,7 +18,7 @@ EZ editatu eskuz.
SimpleX - the first messaging platform operating without user identifiers of any kind - 100% private by design! iOS and Android apps are released.
-**Paketatutako bertsioa:** 5.6.2~ynh1
+**Paketatutako bertsioa:** 5.8.0~ynh1
## Pantaila-argazkiak
diff --git a/README_fr.md b/README_fr.md
index b997823..9108f41 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -18,7 +18,7 @@ Il NE doit PAS être modifié à la main.
SimpleX - la première plate-forme de messagerie qui n'a aucun identifiant d'utilisateur d'aucune sorte - 100 % privée de par sa conception !
-**Version incluse :** 5.6.2~ynh1
+**Version incluse :** 5.8.0~ynh1
## Captures d’écran
diff --git a/README_gl.md b/README_gl.md
index 1a35e8b..ed57426 100644
--- a/README_gl.md
+++ b/README_gl.md
@@ -18,7 +18,7 @@ NON debe editarse manualmente.
SimpleX - the first messaging platform operating without user identifiers of any kind - 100% private by design! iOS and Android apps are released.
-**Versión proporcionada:** 5.6.2~ynh1
+**Versión proporcionada:** 5.8.0~ynh1
## Capturas de pantalla
diff --git a/README_it.md b/README_it.md
index 208fe34..e0b005a 100644
--- a/README_it.md
+++ b/README_it.md
@@ -18,7 +18,7 @@ NON DEVE essere modificato manualmente.
SimpleX - the first messaging platform operating without user identifiers of any kind - 100% private by design! iOS and Android apps are released.
-**Versione pubblicata:** 5.1.0~ynh2
+**Versione pubblicata:** 5.8.0~ynh1
## Screenshot
diff --git a/README_zh_Hans.md b/README_zh_Hans.md
index 2700c4a..717c5ce 100644
--- a/README_zh_Hans.md
+++ b/README_zh_Hans.md
@@ -18,7 +18,7 @@
SimpleX - the first messaging platform operating without user identifiers of any kind - 100% private by design! iOS and Android apps are released.
-**分发版本:** 5.6.2~ynh1
+**分发版本:** 5.8.0~ynh1
## 截图
diff --git a/conf/xftp.systemd.service b/conf/xftp.systemd.service
index 12c0092..66f3256 100644
--- a/conf/xftp.systemd.service
+++ b/conf/xftp.systemd.service
@@ -14,5 +14,40 @@ KillSignal=SIGINT
TimeoutStopSec=infinity
AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectClock=yes
+ProtectHostname=yes
+ProtectProc=invisible
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallArchitectures=native
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
[Install]
WantedBy=multi-user.target
diff --git a/manifest.toml b/manifest.toml
index 34db167..c3d6b5f 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -5,7 +5,7 @@ name = "SimpleX"
description.en = "Messaging platform operating without user identifiers"
description.fr = "Plate-forme de messagerie fonctionnant sans identifiants d'utilisateurs"
-version = "5.6.2~ynh1"
+version = "5.8.0~ynh1"
maintainers = []
@@ -34,24 +34,24 @@ ram.runtime = "50M"
[resources]
-[resources.sources]
- [resources.sources.main]
- amd64.url = "https://github.com/YunoHost-Apps/simplex_ynh/releases/download/v5.6.2/smp-server_amd64"
- amd64.sha256 = "d711cc5bddddf4abd01d971d7d4cda879bc4d4d2beb455154031589ffcb0c891"
- arm64.url = "https://github.com/skyuk3000/simplex_ynh/releases/download/5.2.0/smp-server_arm64"
- arm64.sha256 = "2a5a6f34230443212d3166ec7c706440eb2748c6cd2b4e47526a4ccf45717584"
- in_subdir = false
- extract = false
- rename = "smp-server"
+ [resources.sources]
+ [resources.sources.main]
+ amd64.url = "https://github.com/YunoHost-Apps/simplex_ynh/releases/download/v5.8.0/smp-server_amd64"
+ amd64.sha256 = "8b5806a63ccbec373e8a4681cbb97113b0757a19b5f8a889dd9611c767b1a57c"
+ arm64.url = "https://github.com/YunoHost-Apps/simplex_ynh/releases/download/v5.8.0/smp-server_arm64"
+ arm64.sha256 = "dcf246b4e065199fbd8eb41845eef4d93ba3bcf01eeddc833bb318a6c78db988"
+ in_subdir = false
+ extract = false
+ rename = "smp-server"
- [resources.sources.xftp]
- amd64.url = "https://github.com/YunoHost-Apps/simplex_ynh/releases/download/v5.6.2/xftp-server_amd64"
- amd64.sha256 = "6febc49aa989a02ad8cfc27b657c30acc425878e88a995beca864afeaaff7b3e"
- arm64.url = "https://github.com/skyuk3000/simplex_ynh/releases/download/5.2.0/xftp-server_arm64"
- arm64.sha256 = "a8f4118610efca9bd7b2d687c04f95a9cf52114d1941c8f94441d80c1c04d92a"
- in_subdir = false
- extract = false
- rename = "xftp-server"
+ [resources.sources.xftp]
+ amd64.url = "https://github.com/YunoHost-Apps/simplex_ynh/releases/download/v5.8.0/xftp-server_amd64"
+ amd64.sha256 = "d7550d5dc6b3ff3dfee145e39ab5da9429c6fde295d705d634e21c2e62b53142"
+ arm64.url = "https://github.com/YunoHost-Apps/simplex_ynh/releases/download/v5.8.0/xftp-server_arm64"
+ arm64.sha256 = "515bcdde8d46e07614168b926e61b1e17f039b8a2be29590cde1ff9caea5fa12"
+ in_subdir = false
+ extract = false
+ rename = "xftp-server"
[resources.ports]
main.default = 5223
diff --git a/scripts/remove b/scripts/remove
index 86d0405..78f9f80 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -10,10 +10,9 @@ source _common.sh
source /usr/share/yunohost/helpers
#=================================================
-# STANDARD REMOVE
-#=================================================
-# REMOVE SERVICE INTEGRATION IN YUNOHOST
+# REMOVE SYSTEM CONFIGURATIONS
#=================================================
+ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null
@@ -24,13 +23,6 @@ then
yunohost service remove tor
fi
-#=================================================
-# REMOVE SYSTEM CONFIGURATIONS
-#=================================================
-# REMOVE SYSTEMD SERVICE
-#=================================================
-ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
-
# Remove the dedicated systemd config
ynh_remove_systemd_config
ynh_remove_systemd_config --service=xftp