diff --git a/auto_update/auto_update.sh b/auto_update/auto_update.sh index 4ed5b0d..5edf5a6 100644 --- a/auto_update/auto_update.sh +++ b/auto_update/auto_update.sh @@ -78,7 +78,7 @@ upgrade_synapse() { push_armv7_build() { ## Make a draft release json with a markdown body local release='"tag_name": "v'$synapse_version'", "target_commitish": "master", "name": "v'$synapse_version'", ' - local body="Synapse prebuilt bin for synapse_ynh\\n=========\\nPlease refer to upstream project for the change : https://github.com/element-hq/synapse/releases\\n\\nSha256sum for $debian_version_name_1 : $(cat $build_result_path_deb_1/SUM_matrix-synapse_${synapse_version}-$debian_version_name_1-bin1_armv7l.tar.gz)\\nSha256sum for $debian_version_name_2 : $(cat $build_result_path_deb_2/SUM_matrix-synapse_${synapse_version}-$debian_version_name_2-bin1_armv7l.tar.gz)" + local body="Synapse prebuilt bin for synapse_ynh\\n=========\\nPlease refer to upstream project for the change : https://github.com/element-hq/synapse/releases\\n\\nSha256sum for $debian_version_name_1 : $(cat $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt)\\nSha256sum for $debian_version_name_2 : $(cat $build_result_path_deb_2/${result_prefix_name_deb_2}-bin1_armv7l-sha256.txt)" release+='"body": "'$body'",' release+='"draft": true, "prerelease": false' release='{'$release'}' diff --git a/conf/turnserver.conf b/conf/turnserver.conf index 35ee0ae..e665a57 100644 --- a/conf/turnserver.conf +++ b/conf/turnserver.conf @@ -13,15 +13,16 @@ cert=/etc/yunohost/certs/__DOMAIN__/crt.pem pkey=/etc/yunohost/certs/__DOMAIN__/key.pem dh-file=/etc/ssl/private/dh2048.pem +# Block clear communication +no-udp +no-tcp + +# Block old protocols no-sslv2 no-sslv3 no-tlsv1 no-tlsv1_1 -no-multicast-peers - -no-cli - log-file=/var/log/matrix-__APP__/turnserver.log pidfile=/run/coturn-__APP__/turnserver.pid simple-log 
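Review bot: The new `local body=...` line still lets a missing or empty sha256 file pass silently: a failing `cat` inside `$(...)` is masked by `local`, so a draft release would be created with a blank `Sha256sum for …` field, which is the one value the manifest later pins downloads against. Read the two digests into variables first, abort when either read fails or is empty, and quote the paths; the digest is also spliced into the JSON body unescaped, so this assumes the file holds only the hex digest. push_armv7_build() starts on the first context line of this hunk and its body continues past the hunk.
```sh
    local sum_1 sum_2
    sum_1=$(cat -- "$build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt") || return 1
    sum_2=$(cat -- "$build_result_path_deb_2/${result_prefix_name_deb_2}-bin1_armv7l-sha256.txt") || return 1
    [ -n "$sum_1" ] && [ -n "$sum_2" ] || return 1
    local body="Synapse prebuilt bin for synapse_ynh\\n=========\\nPlease refer to upstream project for the change : https://github.com/element-hq/synapse/releases\\n\\nSha256sum for $debian_version_name_1 : $sum_1\\nSha256sum for $debian_version_name_2 : $sum_2"
    # … unchanged: release+= lines assembling the JSON …
```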
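Review bot: Removing `no-cli` in this hunk re-enables coturn's telnet management CLI, which is on by default (bound to the loopback address on its default port unless `cli-ip`/`cli-port` are set), and the later hunk in this file only restores `no-multicast-peers`, not `no-cli`. Unless the CLI is actually wanted, keep the line `no-cli` next to the other hardening options. The comment `# Block clear communication` also overstates what `no-udp`/`no-tcp` do: they remove the unencrypted listener ports, while relayed peer traffic is still plain UDP, so I'd word it `# Disable the plaintext (non-TLS/DTLS) listener ports`.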
@@ -30,6 +31,12 @@ simple-log user-quota=12 # 4 streams per video call, so 12 streams = 3 simultaneous relayed calls per user. total-quota=1200 +# recommended additional local peers to block, to mitigate external access to internal services. +# https://www.rtcsec.com/article/slack-webrtc-turn-compromise-and-bug-bounty/#how-to-fix-an-open-turn-relay-to-address-this-vulnerability +no-multicast-peers +denied-peer-ip=0.0.0.0-0.255.255.255 +denied-peer-ip=127.0.0.0-127.255.255.255 + # Max time 12h max-allocate-lifetime=43200 diff --git a/doc/ADMIN.md b/doc/ADMIN.md index fc6a23d..7e2187d 100644 --- a/doc/ADMIN.md +++ b/doc/ADMIN.md @@ -129,7 +129,7 @@ Then, to log in the API with your credentials, you need to set your user as admi ### Change url -Synapse give the possibility to change the domain of the instance. Note that this will only change the domain on which the synapse server will run. **This won't change the domain name of the account which an other thing.** +Synapse give the possibility to change the domain of the instance. Note that this will only change the domain on which the synapse server will run. **This won't change the domain name of the account which is an other thing.** The advantage of this is that you can put the app on a specific domain without impacting the domain name of the accounts. For instance you can have the synapse app on `matrix.yolo.net` and the user account will be something like that `@michu:yolo.net`. Note that it's the main difference between the domain of the app (which is `matrix.yolo.net`) and the "server name" which is `yolo.net`. diff --git a/manifest.toml b/manifest.toml index 8f0d525..1f7aa94 100644 --- a/manifest.toml +++ b/manifest.toml 
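Review bot: The `denied-peer-ip` list added here covers only 0.0.0.0/8 and 127.0.0.0/8, so an authenticated client with a relay allocation can still reach RFC 1918 addresses, the link-local range (including the 169.254.169.254 metadata endpoint on cloud hosts) and IPv6 loopback — the "access to internal services" the comment above these lines says it mitigates. The coturn sample configuration this block appears to be copied from continues with those ranges; carrying the remaining entries over closes the gap, and a deployment that legitimately needs LAN peers can re-open them with `allowed-peer-ip`. Since this is a static template, the ranges apply to every install, which is the safe default for a self-hosted server that is usually on a home network.
```ini
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=100.64.0.0-100.127.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=::1
denied-peer-ip=fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
denied-peer-ip=fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff
```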
@@ -63,13 +63,13 @@ ram.runtime = "200M" [resources] [resources.sources.synapse_prebuilt_armv7_bookworm] prefetch = false - armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bookworm-bin1_armv7l.tar.gz" - armhf.sha256 = "5fd5296d76675cd7a109115e1eb035758c16b095cd953a65fc8cc840fb449e40" + armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bookworm-bin2_armv7l.tar.gz" + armhf.sha256 = "4027b8e41950aeec151dfa19eda2402e7974de56d33abb9eee3879e211227eef" [resources.sources.synapse_prebuilt_armv7_bullseye] prefetch = false - armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bullseye-bin1_armv7l.tar.gz" - armhf.sha256 = "4027b8e41950aeec151dfa19eda2402e7974de56d33abb9eee3879e211227eef" + armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bullseye-bin2_armv7l.tar.gz" + armhf.sha256 = "5fd5296d76675cd7a109115e1eb035758c16b095cd953a65fc8cc840fb449e40" [resources.sources.sliding_proxy] prefetch = true diff --git a/scripts/_common.sh b/scripts/_common.sh index 7c7ac26..015a35e 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
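Review bot: The two `armhf.sha256` values on the new side are exactly the two old values swapped between bookworm and bullseye, which would mean each `bin2` tarball is byte-identical to the previous `bin1` tarball of the other distribution. That is plausible if the `bin1` release simply had its assets cross-labelled, but it is also what a copy-paste of the old digests looks like, and a stale digest makes the pinned download fail on every armv7 install. Please confirm each digest was recomputed from the downloaded `bin2` asset (`sha256sum matrix-synapse_1.102.0-bookworm-bin2_armv7l.tar.gz`) rather than carried over.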
@@ -104,9 +104,9 @@ configure_synapse() { fi local turn_server_config="" if $enable_dtls_for_audio_video_turn_call; then - turn_server_config='turn_uris: [ "stuns:'$domain:$port_turnserver_tls'?transport=dtls", "stuns:'$domain:$port_turnserver_tls'?transport=tls", "turns:'$domain:$port_turnserver_tls'?transport=dtls", "turns:'$domain:$port_turnserver_tls'?transport=tls" ]' + turn_server_config='turn_uris: [ "turns:'$domain:$port_turnserver_tls'", "turns:'$domain:$port_turnserver_alt_tls'" ]' else - turn_server_config='turn_uris: [ "turn:'$domain:$port_turnserver_tls'?transport=udp", "turn:'$domain:$port_turnserver_tls'?transport=tcp" ]' + turn_server_config='turn_uris: [ "turn:'$domain:$port_turnserver_tls'", "turn:'$domain:$port_turnserver_alt_tls'" ]' fi ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml" diff --git a/scripts/upgrade b/scripts/upgrade index c5e986d..64de386 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -201,7 +201,7 @@ then fi if [ -z "${enable_dtls_for_audio_video_turn_call:-}" ] then - enable_dtls_for_audio_video_turn_call="true" + enable_dtls_for_audio_video_turn_call=true ynh_app_setting_set --app=$app --key=enable_dtls_for_audio_video_turn_call --value=$enable_dtls_for_audio_video_turn_call fi if [ -z "${sync_proxy_secret:-}" ] 
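Review bot: The new DTLS-branch URIs `turns:$domain:$port` carry no `?transport=` parameter, and under RFC 7065 a `turns:` URI without one defaults to TCP, so clients are now offered TLS-over-TCP only and DTLS (which is `turns:` with `?transport=udp`) is no longer advertised despite the setting being named `enable_dtls_for_audio_video_turn_call`. If DTLS was dropped deliberately (browser WebRTC stacks do not implement TURN over DTLS), the setting's name and help text are what is stale; otherwise I'd emit `"turns:'$domain:$port_turnserver_tls'?transport=udp", "turns:'$domain:$port_turnserver_tls'?transport=tcp"` and the same pair for `$port_turnserver_alt_tls`. In the `else` branch, plain `turn:` URIs are offered on ports whose names suggest TLS listeners, and the `turnserver.conf` template in this same change adds unconditional `no-udp`/`no-tcp`, so unless those lines are gated elsewhere the server will not answer plain `turn:` on any port. configure_synapse() starts before this hunk and continues after it; `port_turnserver_alt_tls` is presumably loaded from app settings outside the visible lines.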
@@ -339,7 +339,8 @@ if yunohost app map -r --output-as json | jq -r '."'$domain'" | select( . != nul ynh_print_warn 'An other app is installed on this domain. Now synapse require to be alone on the domain.' ynh_print_warn 'To solve this you can:' ynh_print_warn " - Remove or move all other app which use '$domain'" - ynh_print_warn ' - Change the domain of synapse. You can find more informations here: https://github.com/YunoHost-Apps/synapse_ynh/blob/ce38d582ea379f60574a438056893cac79525808/doc/ADMIN.md#change-url' + ynh_print_warn ' - Change the domain of synapse. You can find more informations here: https://github.com/YunoHost-Apps/synapse_ynh/tree/testing/doc/ADMIN.md#change-url' + ynh_print_warn 'For more information you can see this issue: https://github.com/YunoHost-Apps/synapse_ynh/issues/443' fi #=================================================
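Review bot: The replaced URL on the new `ynh_print_warn` line now targets the moving `testing` branch where the old line pinned a commit, so the `#change-url` anchor will silently break the next time that heading is edited, and this warning is shown exactly when the user needs working guidance. Prefer a pinned commit or tag and GitHub's canonical file path, e.g. `https://github.com/YunoHost-Apps/synapse_ynh/blob/<commit>/doc/ADMIN.md#change-url` (`tree/` on a file only works via redirect). The enclosing `if` block starts before this hunk.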