diff --git a/.github/workflows/vm-tests.yml b/.github/workflows/vm-tests.yml
index 667e359ae..dfd631139 100644
--- a/.github/workflows/vm-tests.yml
+++ b/.github/workflows/vm-tests.yml
@@ -234,6 +234,12 @@ jobs:
           
           ssh "${SSH_OPTIONS[@]}" "root@${SERVER_ADDRESS}" "ncc status" | grep "version:" | awk '{ print $3 }'
           latest_nc_version="$(cat /__w/nextcloudpi/nextcloudpi/etc/ncp.cfg | jq -r '.nextcloud_version')"
+          current_nc_version_new="$(ssh "${SSH_OPTIONS[@]}" "root@${SERVER_ADDRESS}" "ncc status" | grep "version:" | awk '{ print $3 }')"
+          
+          if [[ "$current_nc_version_new" =~ "$latest_nc_version".* ]]
+          then
+            exit 0
+          fi
           
           for i in {1..10};
           do
diff --git a/bin/ncp-diag b/bin/ncp-diag
index 16cbbd0ab..fd496f244 100644
--- a/bin/ncp-diag
+++ b/bin/ncp-diag
@@ -70,15 +70,11 @@ echo "Internet check|$( ping -W 2 -w 1 -q github.com &>/dev/null && echo ok || e
 
 function is_port_open()
 {
-  # The URL leads to an application I've deployed for NCP on https://fly.io using a Docker container I made.
-  # The image for the container is available on Docker Hub (zendai/checkport:sanic) if you wish to deploy one yourself.
-  # The code for the Sanic server and Docker image is available at: https://github.com/ZendaiOwl/Build/tree/master/Docker/Python/Sanic/checkport
-  # I only have a free tier with limited outbound data per month, 100GB p/month.
-  # If we go over 100GB outbound data in a month, I will start being charged for the data going over that limit.
-  # I used a low level Python socket library & fortunately each request only consumes aprox. ~ 60-74 bytes p/second.
-  # Meaning 100GB should be plenty, it should be enough to handle a little less
-  # than 450 request p/second a month, unless my calculations are wrong.
-  # Thank you :pray: from Victor-ray, S. https://github.com/ZendaiOwl
+  # Checkport is deployed at fly.io by Victor-ray, S. for NextcloudPi.
+  # Repo: https://gitbox.zendai.net.eu.org/n0rs3/checkport
+  # docker.io/zendai/checkport:sanic
+  # Please don't abuse it :pray:
+  # It's deployed with free limits on my personal account and can handle a little less than 450 request p/second before I get charged extra.
   local -r PORTURL="https://checkport.zendai.net.eu.org/check"
   local TYPE="${1?}" IPType
   # Checks both port 80 & 443 for IPv4/IPv6 and returns the result or [N/A] [N/A]
diff --git a/changelog.md b/changelog.md
index bf5649f36..e9aba981e 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,14 @@
 # NextcloudPi Changelog
 
+## [v1.57.1](https://github.com/nextcloud/nextcloudpi/tree/v1.57.1) (2026-04-14) Various fixes
+
+### Fixes
+
+- Fail gracefully when parsing invalid backup cache ([#2105](https://github.com/nextcloud/nextcloudpi/pull/2105), thanks @Dominik0101)
+- security: Properly escape all bash arguments in ncp-web (ncp-launcher.php)
+- Make sure, sury repository key is updated from pkg sources (fixes [#2104](https://github.com/nextcloud/nextcloudpi/issues/2104))
+- Fix broken ncp-preview-generator cronjob script (fixes [#2107](https://github.com/nextcloud/nextcloudpi/issues/2107))
+
 ## [v1.57.0](https://github.com/nextcloud/nextcloudpi/tree/v1.57.0) (2026-04-04) Nextcloud 33, new previewgenerator, fixes
 
 ### Changes
diff --git a/etc/ncp-templates/cron.hourly/ncp-previewgenerator.sh b/etc/ncp-templates/cron.hourly/ncp-previewgenerator.sh
index 078458ef3..d8ad947c2 100644
--- a/etc/ncp-templates/cron.hourly/ncp-previewgenerator.sh
+++ b/etc/ncp-templates/cron.hourly/ncp-previewgenerator.sh
@@ -1,6 +1,9 @@
 #!/usr/bin/env bash
 
 cat <<'EOF'
+#!/usr/bin/env bash
+set -eu
+
 GENERATE_JOB_ID="ncp-generate-previews"
 
 if [[ "$(systemctl is-active "${GENERATE_JOB_ID}" ||:)" =~ ^(active|activating|deactivating)$ ]]
@@ -9,15 +12,13 @@ then
   exit 0
 fi
 
-#!/usr/bin/env bash
-set -eu
 source /usr/local/etc/library.sh
 
 if is_app_enabled memories
 then
-  ncc config:app:set --value="256 4096" previewgenerator coverWidthHeightSizes
+  ncc config:app:set --value="256 4096" previewgenerator coverWidthHeightSizes > /dev/null
 else
-  ncc config:app:set --value="" previewgenerator coverWidthHeightSizes
+  ncc config:app:set --value="" previewgenerator coverWidthHeightSizes > /dev/null
 fi
 
 for _ in $(seq 1 $(nproc)); do
diff --git a/lamp.sh b/lamp.sh
index afb99465d..f9ffae3d1 100644
--- a/lamp.sh
+++ b/lamp.sh
@@ -26,8 +26,9 @@ install()
 {
     set -x
     # Setup apt repository for php 8
-    wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
-    echo "deb https://packages.sury.org/php/ ${RELEASE%-security} main" > /etc/apt/sources.list.d/php.list
+    wget -O /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.deb
+    dpkg -i /tmp/debsuryorg-archive-keyring.deb
+    echo "deb [signed-by=/usr/share/keyrings/debsuryorg-archive-keyring.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
     apt-get update
     $APTINSTALL apt-utils cron curl
     ls -l /var/lock || true
diff --git a/ncp-web/backups.php b/ncp-web/backups.php
index 28f0c2f2b..b045e4543 100644
--- a/ncp-web/backups.php
+++ b/ncp-web/backups.php
@@ -55,7 +55,10 @@ function filesize_compat($file)
     $cache_str = file_get_contents($cache_file)
       or exit("error opening ${cache_file}");
 
-    $cache = json_decode($cache_str, true) or [];
+    $cache = json_decode($cache_str, true);
+    if (!is_array($cache)) {
+      $cache = [];
+    }
   } else {
     $cache = [];
   }
diff --git a/ncp-web/ncp-launcher.php b/ncp-web/ncp-launcher.php
index 2a0d83eb8..e5b874e03 100644
--- a/ncp-web/ncp-launcher.php
+++ b/ncp-web/ncp-launcher.php
@@ -16,6 +16,11 @@
 $l10nDir = "l10n";
 ignore_user_abort(true);
 
+function bash_escape_arg($arg): string
+{
+  return "'" . str_replace("'", "\\'", $arg) . "'";
+}
+
 //
 // language
 //
@@ -105,7 +110,7 @@
   echo ' "output": "" , ';
   echo ' "ret": ';
 
-  exec( 'bash -c "sudo /home/www/ncp-launcher.sh ' . $ncp_app . '"' , $output , $ret );
+  exec( 'bash -c "sudo /home/www/ncp-launcher.sh ' . bash_escape_arg($ncp_app) . '"' , $output , $ret );
   echo '"' . $ret . '" }';
 }
 
@@ -159,7 +164,7 @@
     exit('{ "output": "domain can\'t be empty", "ret": 1 }');
   }
   echo '{ "token": "' . getCSRFToken() . '",';               // Get new token
-  exec("/usr/bin/php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value '" . $_POST['url'] . "'",
+  exec("/usr/bin/php /var/www/nextcloud/occ config:system:set overwrite.cli.url --value " . bash_escape_arg($_POST['url']),
       $out, $ret);
   echo  ' "out": "' . htmlspecialchars(join("\n", $out), ENT_QUOTES, "UTF-8") . '", ';
   echo  ' "ret": "' . $ret . '"}';
diff --git a/staged_rollouts/v1.57.1.txt b/staged_rollouts/v1.57.1.txt
new file mode 100644
index 000000000..33e03b81b
--- /dev/null
+++ b/staged_rollouts/v1.57.1.txt
@@ -0,0 +1,15 @@
+4
+5
+7
+8
+21
+27
+30
+31
+32
+50
+64
+68
+71
+79
+81
\ No newline at end of file
diff --git a/updates/1.57.0.sh b/updates/1.57.0.sh
index e75f79012..97402f3e3 100644
--- a/updates/1.57.0.sh
+++ b/updates/1.57.0.sh
@@ -4,10 +4,22 @@ set -eu
 
 source /usr/local/etc/library.sh
 
+apt-get update
+
+if [[ ! -e /usr/share/keyrings/debsuryorg-archive-keyring.gpg ]]
+then
+  echo "Setup sury package repository key"
+  curl -sSLo /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.deb
+  dpkg -i /tmp/debsuryorg-archive-keyring.deb
+  echo "deb [signed-by=/usr/share/keyrings/debsuryorg-archive-keyring.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
+  apt-get update
+
+  echo "done."
+fi
+
 echo "Configuring serverid ..."
 ncc config:system:get serverid > /dev/null || ncc config:system:set serverid --value="$((RANDOM % 1024))" --type=integer
 echo "Installing PHP APCU ..."
-apt-get update
 apt-get install -y php${PHPVER}-apcu
 echo "Enable apache2 remoteip"
 a2enmod remoteip
diff --git a/updates/1.57.1.sh b/updates/1.57.1.sh
new file mode 100644
index 000000000..4fe85ba8a
--- /dev/null
+++ b/updates/1.57.1.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -eu
+
+source /usr/local/etc/library.sh
+
+echo "Reconfigure automatic preview generation (if enabled)"
+run_app nc-previews-auto
+echo "done."
+
+if [[ ! -e /usr/share/keyrings/debsuryorg-archive-keyring.gpg ]]
+then
+  echo "Setup sury package repository key"
+  apt-get update
+  curl -sSLo /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.deb
+  dpkg -i /tmp/debsuryorg-archive-keyring.deb
+  echo "deb [signed-by=/usr/share/keyrings/debsuryorg-archive-keyring.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
+  apt-get update
+
+  echo "done."
+fi