diff --git a/data/templates/nginx/plain/yunohost_sso.conf.inc b/data/templates/nginx/plain/yunohost_sso.conf.inc
new file mode 100644
index 000000000..308e5a9a4
--- /dev/null
+++ b/data/templates/nginx/plain/yunohost_sso.conf.inc
@@ -0,0 +1,7 @@
+# Avoid the nginx path/alias traversal weakness ( #1037 )
+rewrite ^/yunohost/sso$ /yunohost/sso/ permanent;
+
+location /yunohost/sso/ {
+   # This is an empty location, only meant to avoid other locations
+   # from matching /yunohost/sso, such that it's correctly handled by ssowat
+}
diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
index 29af9f532..8bd689a92 100644
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@@ -14,7 +14,7 @@ server {
 
     include /etc/nginx/conf.d/{{ domain }}.d/*.conf;
 
-    location /yunohost/admin {
+    location /yunohost {
         return 301 https://$http_host$request_uri;
     }
 
@@ -60,6 +60,7 @@ server {
 
     include /etc/nginx/conf.d/{{ domain }}.d/*.conf;
 
+    include /etc/nginx/conf.d/yunohost_sso.conf.inc;
     include /etc/nginx/conf.d/yunohost_admin.conf.inc;
     include /etc/nginx/conf.d/yunohost_api.conf.inc;
 
diff --git a/debian/changelog b/debian/changelog
index 4cee8b912..d6ba6d553 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,15 @@ yunohost (4.1.0) testing; urgency=low
 
   - Tmp bump of the version number to fix CI (c.f. Breaks: yunohost(<<4.1) in moulinette)
 
+yunohost (4.0.7) stable; urgency=low
+
+  - [fix] Require explicitly php7.3-foo packages because in some cases Sury's php7.4- packages are installed and php7.3-fpm doesn't get installed ... (1288159a)
+  - [fix] Make sure app nginx confs do not prevent the loading of /yunohost/sso (#1044)
+
+  Thanks to all contributors <3 ! (Kayou, ljf)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 04 Sep 2020 14:32:07 +0200
+
 yunohost (4.0.6.1) stable; urgency=low
 
   - [fix] Stupid syntax issue in dovecot conf