diff --git a/CHANGELOG.md b/CHANGELOG.md index 78d5005..312bf39 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,15 @@ +## 24.04.8-2.1 2024-10-16 + + ### Added + - Add accessibility toggle + - Add nss certificates path option + - Add document signing toggle + - Enable In APP config restart + + ### Changed + - Fix issue with capabilities and child processes + + ## 24.04.8-2 2024-10-09 ### Added diff --git a/Dockerfile b/Dockerfile index f23b8bb..c15b118 100644 --- a/Dockerfile +++ b/Dockerfile @@ -247,7 +247,7 @@ RUN source /assets/functions/00-container && \ chown -R cool /opt/* && \ mkdir -p /var/cache/coolwsd && \ chown -R cool /var/cache/coolwsd && \ - setcap cap_fowner,cap_chown,cap_mknod,cap_sys_chroot=ep /opt/cool/bin/coolforkit && \ + setcap cap_fowner,cap_chown,cap_mknod,cap_sys_chroot=ep /opt/cool/bin/coolforkit-caps && \ setcap cap_sys_admin=ep /opt/cool/bin/coolmount && \ mkdir -p /usr/share/hunspell && \ mkdir -p /usr/share/hyphen && \ diff --git a/LICENSE b/LICENSE index 35e8726..c908bda 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2023 Dave Conroy +Copyright (c) 2024 Dave Conroy Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 505a4a6..39d025d 100644 --- a/README.md +++ b/README.md @@ -142,6 +142,7 @@ Be sure to view the following repositories to understand all the customizable op | `GROUP_DOWNLOAD_AS` | Group Download as Icons into dropdown in notebookbar view | `TRUE` | | `WATERMARK_OPACITY` | Watermark Opacity | `0.2` | | `WATERMARK_TEXT` | Text to display for watermark | `` | +| `ENABLE_DOCUMENT_SIGNING` | Enable Document Signing Settings | `TRUE` | | `ENABLE_MACROS` | Enable Macros | `FALSE` | | `MACRO_SECURITY_LEVEL` | Macro Security Level `1` Medium `0` Low | `1` | | `ENABLE_METRICS_UNAUTHENTICATED` | Enable Unauthenticated Metrics | `FALSE` | 
@@ -326,15 +327,18 @@ Don’t forget to add the according languages to the [`LANGUAGE`](#languages-for #### Other Settings | Parameter | Description | Default | | ------------------------------ | ----------------------------------------------------------------------------------------------------------------- | ------------- | +| `CERTIFICATES_PATH` | Path to the NSS certificates that are available to all users | `` | | `CHILD_ROOT_PATH` | Child root path | `child-roots` | +| `CONTENT_SECURITY_POLICY` | Content Security Policy | `` | | `DOCUMENT_SIGNING_URL` | Endpoint URL of signing server | `` | +| `ENABLE_ACCESSIBILITY` | Enable Accessibility settings | `FALSE` | | `ENABLE_CAPABILITIES` | Enable Capabilities | `TRUE` | | `ENABLE_CONFIG_RELOAD` | Enable Reload of coolwsd if config changed in container | `TRUE` | | `ENABLE_EXPERIMENTAL_FEATURES` | Enable experimental features | `FALSE` | | `ENABLE_MOUNT_JAIL` | Enable mounting jails | `true` | | `ENABLE_SECCOMP` | Enable Seccomp | `TRUE` | | `FILE_SERVER_ROOT_PATH` | Path to directory considered as root | `browser/../` | -| `FRAME_ANCESTORS` | Hosts where interface can be hosted in Iframe | `` | +| `FRAME_ANCESTORS` | Hosts where interface can be hosted in IFrame *OBSOLETE* | `` | | `HEXIFY_EMBEDDED_URLS` | Hexify Embedded URLS (useful for Azure deployments) | `FALSE` | | `INDIRECTION_ENDPOINT` | URL endpoint to server which zervers routeToken in json format | | | `PDF_RESOLUTION_DPI` | PDF Resolution DPI when rendering PDF documents as image | `96` | diff --git a/install/assets/defaults/10-coolwsd b/install/assets/defaults/10-coolwsd index ac74db8..24715aa 100755 --- a/install/assets/defaults/10-coolwsd +++ b/install/assets/defaults/10-coolwsd 
@@ -4,6 +4,7 @@ ADMIN_JWT_EXPIRY=${ADMIN_JWT_EXPIRY:-"1800"} ALWAYS_SAVE_ON_EXIT=${ALWAYS_SAVE_ON_EXIT:-"false"} AUTO_SAVE=${AUTO_SAVE:-300} BATCH_PRIORITY=${BATCH_PRIORITY:-"5"} +CERTIFICATES_PATH=${CERTIFICATES_PATH:-""} CHILD_ROOT_PATH=${CHILD_ROOT_PATH:-"child-roots"} CLEANUP_BAD_BEHAVIOUR_TIME=${CLEANUP_BAD_BEHAVIOUR_TIME:-60} CLEANUP_IDLE_TIME=${CLEANUP_IDLE_TIME:-300} @@ -11,13 +12,16 @@ CLEANUP_INTERVAL=${CLEANUP_INTERVAL:-"10000"} CLEANUP_LIMIT_CPU_PER=${CLEANUP_LIMIT_CPU_PER:-85} CLEANUP_LIMIT_DIRTY_MEMORY=${CLEANUP_LIMIT_DIRTY_MEMORY:-3072} CONNECTION_TIMEOUT=${CONNECTION_TIMEOUT:-30} +CONTENT_SECURITY_POLICY=${CONTENT_SECURITY_POLICY:-""} DEEPL_API_URL=${DEEPL_API_URL:-""} DEEPL_AUTH_KEY=${DEEPL_AUTH_KEY:-""} +ENABLE_ACCESSIBILITY=${ENABLE_ACCESSIBILITY:-"FALSE"} ENABLE_ADMIN_CONSOLE=${ENABLE_ADMIN_CONSOLE:-"TRUE"} ENABLE_CAPABILITIES=${ENABLE_CAPABILITIES:-"true"} ENABLE_CLEANUP=${ENABLE_CLEANUP:-"false"} ENABLE_CONFIG_RELOAD=${ENABLE_CONFIG_RELOAD:-"TRUE"} ENABLE_DEEPL=${ENABLE_DEEPL:-"FALSE"} +ENABLE_DOCUMENT_SIGNING=${ENABLE_DOCUMENT_SIGNING:-"TRUE"} ENABLE_DOCUMENT_STATISTICS=${ENABLE_DOCUMENT_STATISTICS:-"FALSE"} ENABLE_EXPERIMENTAL_FEATURES=${ENABLE_EXPERIMENTAL_FEATURES:-"false"} ENABLE_FILES_QUARANTINE=${ENABLE_FILES_QUARANTINE:-"FALSE"} @@ -84,6 +88,7 @@ PDF_RESOLUTION_DPI=${PDF_RESOLUTION_DPI:-"96"} PRESPAWN_CHILD_PROCESSES=${PRESPAWN_CHILD_PROCESSES:-1} REDLINING_AS_COMMENTS=${REDLINING_AS_COMMENTS:-"false"} REMOTE_FONT_URL=${REMOTE_FONT_URL:-""} +RESTART_CONFIG_EDIT=${RESTART_CONFIG_EDIT:-"TRUE"} SETUP_TYPE=${SETUP_TYPE:-"AUTO"} SYS_TEMPLATE_PATH=${SYS_TEMPLATE_PATH:-"systemplate"} TLS_CA_FILENAME=${TLS_CA_FILENAME:-"ca-chain.cert.pem"} diff --git a/install/etc/cont-init.d/10-coolwsd b/install/etc/cont-init.d/10-coolwsd index fbbff7e..392f479 100755 --- a/install/etc/cont-init.d/10-coolwsd +++ b/install/etc/cont-init.d/10-coolwsd 
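Review bot: `RESTART_CONFIG_EDIT` gets a default in the third hunk of this file, but nothing else visible in this commit reads it. The README hunks do not document it, and the `stop_on_config_change` substitution added in install/etc/cont-init.d/10-coolwsd is driven by `ENABLE_CONFIG_RELOAD` instead. If a script outside this diff consumes it, add a README row; otherwise drop the default or wire it to the setting it is meant to control, so that an operator who sets it to `FALSE` is not silently ignored. Separately, the new toggles default to upper-case `"TRUE"`/`"FALSE"` next to lower-case `"true"` for `ENABLE_CAPABILITIES`, which only works where the consumer lower-cases with `${VAR,,}`.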
@@ -132,7 +132,13 @@ fi if [ "${SETUP_TYPE,,}" = "auto" ]; then print_notice "Autogenerating Configuration File" ### Replace Configuration directives - sed -i -e "s|.*|${LANGUAGE}|g" /etc/coolwsd/coolwsd.xml + sed -i \ + -e "s|.*|${ENABLE_ACCESSIBILITY,,}|" \ + /etc/coolwsd/coolwsd.xml + + sed -i \ + -e "s|.*|${LANGUAGE}|g" \ + /etc/coolwsd/coolwsd.xml ## Language Tool sed -i \ @@ -152,10 +158,13 @@ if [ "${SETUP_TYPE,,}" = "auto" ]; then /etc/coolwsd/coolwsd.xml - sed -i -e "s|.*|${SYS_TEMPLATE_PATH}|" /etc/coolwsd/coolwsd.xml - sed -i -e "s|.*|${CHILD_ROOT_PATH}|" /etc/coolwsd/coolwsd.xml - sed -i -e "s|.*|${ENABLE_MOUNT_JAIL,,}|" /etc/coolwsd/coolwsd.xml - sed -i -e "s|.*|${HOSTNAME}|" /etc/coolwsd/coolwsd.xml + sed -i \ + -e "s|.*|${SYS_TEMPLATE_PATH}|" \ + -e "s|.*|${CHILD_ROOT_PATH}|" \ + -e "s|.*|${ENABLE_MOUNT_JAIL,,}|" \ + /etc/coolwsd/coolwsd.xml + + sed -i -e "s|.*|${HOSTNAME}|" /etc/coolwsd/coolwsd.xml sed -i -e "s|.*|${FILE_SERVER_ROOT_PATH}|" /etc/coolwsd/coolwsd.xml sed -i -e "s|.*<\/hexify_embedded_urls>|${HEXIFY_EMBEDDED_URLS,,}<\/hexify_embedded_urls>|" /etc/coolwsd/coolwsd.xml sed -i -e "s|.*<\/experimental_features>|${ENABLE_EXPERIMENTAL_FEATURES,,}<\/experimental_features>|" /etc/coolwsd/coolwsd.xml @@ -245,6 +254,7 @@ if [ "${SETUP_TYPE,,}" = "auto" ]; then sed -i "//a \ ${host}" /etc/coolwsd/coolwsd.xml done sed -i \ + -e "s|.*<\/content_security_policy>|${CONTENT_SECURITY_POLICY}<\/content_security_policy>|" \ -e "s|.*<\/frame_ancestors>|${FRAME_ANCESTORS}<\/frame_ancestors>|" \ -e "s|.*<\/connection_timeout>|${CONNECTION_TIMEOUT}<\/connection_timeout>|" \ /etc/coolwsd/coolwsd.xml 
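Review bot: In the last hunk on this line, `${CONTENT_SECURITY_POLICY}` is pasted unescaped into the replacement side of a `|`-delimited sed expression. A `|`, `&` or backslash in the value therefore either makes sed reject the script or writes a policy different from the one the operator set. Because the expression shares one `sed -i` call with `frame_ancestors` and `connection_timeout`, a parse error would leave all three at their template values, and whether the init script stops on that failure is not visible here. Escape the value first, e.g. `csp=$(printf '%s' "${CONTENT_SECURITY_POLICY}" | sed -e 's/[\\&|]/\\&/g')`, and substitute `${csp}`. The same applies to `${CERTIFICATES_PATH}` in the `database_path` hunk further down. The enclosing `if [ "${SETUP_TYPE,,}" = "auto" ]` block starts and ends outside this hunk.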
@@ -276,6 +286,10 @@ if [ "${SETUP_TYPE,,}" = "auto" ]; then -e "s|.*<\/enable_metrics_unauthenticated>|${ENABLE_METRICS_UNAUTHENTICATED,,}<\/enable_metrics_unauthenticated>|" \ /etc/coolwsd/coolwsd.xml + sed -i \ + -e "s|.*<\/database_path>|${CERTIFICATES_PATH}<\/database_path>|" \ + /etc/coolwsd/coolwsd.xml + ## Watermark sed -i \ -e "s|.*<\/opacity>|${WATERMARK_OPACITY}<\/opacity>|" \ @@ -309,6 +323,9 @@ if [ "${SETUP_TYPE,,}" = "auto" ]; then ## Remote Config sed -i -e "s|.*<\/remote_url>|${REMOTE_URL}<\/remote_url>|" /etc/coolwsd/coolwsd.xml + ## Stop and restart on Config Change + sed -i -e "s|.*<\/stop_on_config_change>|${ENABLE_CONFIG_RELOAD,,}<\/stop_on_config_change>|" /etc/coolwsd/coolwsd.xml + ## Remote Fonts sed -i -e "s|.*<\/url>|${REMOTE_FONT_URL}<\/url>|" /etc/coolwsd/coolwsd.xml @@ -336,6 +353,8 @@ if [ "${SETUP_TYPE,,}" = "auto" ]; then -e "s|.*<\/force>|${FORCE_WASM}<\/force>|" \ /etc/coolwsd/coolwsd.xml + ## Document Signing + sed -i -e "s|.*<\/enable>|${ENABLE_DOCUMENT_SIGNING}<\/enable>|" /etc/coolwsd/coolwsd.xml fi # Generate WOPI proof key
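Review bot: The document-signing substitution in the last hunk writes `${ENABLE_DOCUMENT_SIGNING}` as given, while the other booleans added in this commit are lower-cased first (`${ENABLE_ACCESSIBILITY,,}`, `${ENABLE_CONFIG_RELOAD,,}`). With the shipped default the file ends up containing `TRUE`, so use `${ENABLE_DOCUMENT_SIGNING,,}` to match the other toggles. As shown on this page the pattern is anchored only on the closing `enable` tag. If the real expression has no more specific opening tag, it would rewrite every `enable` element in coolwsd.xml rather than just the signing one, so confirm the match is scoped to the signing section. The `if` block this hunk closes starts outside the hunk.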