diff --git a/.dockerignore b/.dockerignore index 5f7bf09347..a5d47a969f 100644 --- a/.dockerignore +++ b/.dockerignore @@ -36,4 +36,5 @@ /www/custom /www/plugins /www/thumbnails +/www/.htaccess npm-debug.log diff --git a/.env b/.env index fcef181fc3..5943232b46 100644 --- a/.env +++ b/.env @@ -13,7 +13,7 @@ # https://docs.phraseanet.com/4.1/en/Admin/EnvironnementVariables.html -# --- ATTENTION POINTS FOR PHRASEANET CONFIGURATION ---------------------------- +# --- ATTENTION POINTS FOR PHRASEANET CONFIGURATION ------------------------------------------------------------------- # 1. Default Passwords: Ensure all default passwords defined in this configuration are changed to secure, personalized passwords before deployment. # 2. MariaDB Container: The provided MariaDB container is not ready for production as-is and requires adjustments. It is recommended to use an external, redundant service for the primary datastore. # 3. Configuration Persistence: Changes made in this file need appropriate backups as they are crucial for system restoration and disaster recovery. 
@@ -52,9 +52,9 @@ # - "app" : launch Phraseanet and Workers. # - "setup" : launch a Phraseanet installation and configuration container, this container is launched to perform a default installation and # each time it is necessary to update the Phraseanet configuration using the env variables. -# when an update is performed, the current 'config' repository is backuped in -# - "gateway-classic" : launch nginx service. -# - "gateway-traefik" : nginx is launched behind a traefik service, at this time `traefik` is not include in this stack but you can use your own +# when an update is performed, the current phraseanet 'config/' repository is backuped in +# - "gateway-classic" : launch Nginx service. +# - "gateway-traefik" : Nginx is launched behind a traefik service, at this time `traefik` is not include in this stack but you can use your own # or use `Traefik` include in Phrasea Stack. # - "workers" : launch one worker container by kind of Jobs, you can also # choose to launch only some workers, see worker profile list below. @@ -147,14 +147,14 @@ COMPOSE_PROFILES=app,setup,gateway-classic,db,elasticsearch,rabbitmq,redis,redis # Registry from which you pull docker images. # Avalaible values: # - "local" : build and use your images. -# - "alchemyfr" : using predbuild images from Alchemy registry. +# - "alchemyfr" : using predbuild images from Alchemy registry from dockerhub. # # @run -PHRASEANET_DOCKER_REGISTRY=local +PHRASEANET_DOCKER_REGISTRY=alchemyfr # Docker images tag. # @run -PHRASEANET_DOCKER_TAG=4.1.12 +PHRASEANET_DOCKER_TAG=4.1.13 # Stack Name # An optionnal Name for the stack @@ -242,7 +242,7 @@ PHRASEANET_SETUP=1 PHRASEANET_UPGRADE=0 # Maintenance mode -# show an nginx unavailability message +# show an Nginx unavailability message # Available values: "0" | "1" # 0 - for no maintenance mode # 1 - for persisting maintenance mode 
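Review bot: In the registry hunk the default `PHRASEANET_DOCKER_REGISTRY` moves from `local` to `alchemyfr`, so a stock deployment now runs prebuilt images pulled from Docker Hub by the mutable tag `4.1.13` rather than images built from this checkout, and the comment does not say so. I would add a line such as `# Images are pulled by tag; pin them by digest or mirror them to a registry you control if you need reproducible deployments.` Whether the compose files accept a digest in place of `PHRASEANET_DOCKER_TAG` is not visible in this diff, so that needs checking. The misspelled `predbuild` on the changed line could be corrected in the same pass.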
@@ -278,23 +278,24 @@ RABBITMQ_MANAGEMENT_PORT=10811 # @run RABBITMQ_HOSTNAME=rabbit_phraseanet -# --- Gateway settings (NGINX) ----------------------------------------------------------------------------------------- +# --- Gateway settings (Nginx) ----------------------------------------------------------------------------------------- # Value applied to "send_timeout", "keepalive_timeout", "client_header_timeout" -# and "client_body_timeout" nginx settings. +# and "client_body_timeout" Nginx settings. # @run GATEWAY_SEND_TIMEOUT=120 # Timeout for establishing a connection with a proxied server. See [documentation| -# http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout]. +# https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_connect_timeout]. # @run GATEWAY_PROXY_TIMEOUT=120 # Value applied to "fastcgi_connect_timeout", "fastcgi_read_timeout" -# and "fastcgi_send_timeout" nginx settings. +# and "fastcgi_send_timeout" Nginx settings. # @run GATEWAY_FASTCGI_TIMEOUT=300 +# --- Gateway restricted access settings (Nginx) ----------------------------------------------------------------------------------------- # Activate application access restrictions. # Restrictions can be based on IP and/or password. Use these settings to control who can access the application. @@ -318,7 +319,7 @@ GATEWAY_USERS= # @run GATEWAY_STATUS_ALLOWED_IPS= -# HTTP requests quota management. +# --- Gateway HTTP requests quota management (Nginx) ----------------------------------------------------------------------------------------- # Manage http incoming request limits by verbs using the "ngx_http_limit_req_module" module. # this feature is based on ip adresses and need PHRASEANET_TRUSTED_PROXIES defined to get real_ip # READ is for GET and HEAD requests 
@@ -327,11 +328,11 @@ GATEWAY_STATUS_ALLOWED_IPS= # @run HTTP_REQUEST_LIMITS=false -# (m) For Exemple 16,000 IP addresses takes 1 megabyte, so our zone can store about 160,000 addresses. +# In megabyte For Exemple 16,000 IP addresses takes 1 megabyte, so our zone can store about 160,000 addresses. # @run HTTP_READ_REQUEST_LIMIT_MEMORY=10 -# (r/s) Sets the maximum request rate. By default here the rate cannot exceed 10 requests per second +# request/seconde, sets the maximum request rate. By default here the rate cannot exceed 100 requests per second # @run HTTP_READ_REQUEST_LIMIT_RATE=100 
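Review bot: The two rewritten comments in this hunk are harder to read than the ones they replace: `# In megabyte For Exemple 16,000 IP addresses takes 1 megabyte, ...` runs the unit into the example, and `request/seconde` mixes languages. Suggested wording: `# Zone size in megabytes. For example, 16,000 IP addresses take 1 megabyte, so a 10 MB zone can store about 160,000 addresses.` and `# Maximum request rate in requests per second; with this default the rate cannot exceed 100 requests per second.` The corrected figure of 100 now matches `HTTP_READ_REQUEST_LIMIT_RATE=100`, so the values can stay as they are.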
@@ -351,16 +352,19 @@ HTTP_WRITE_REQUEST_LIMIT_RATE=100 # @run HTTP_WRITE_REQUEST_LIMIT_BURST=20 +# --- Gateway HTTPS settings (Nginx) ------------------------------------------------------------------------------------ # https and reverse proxy (on/off) # set to on in the case : https behind a proxy # @run GATEWAY_FASTCGI_HTTPS=off +# --- Gateway CSP settings (Nginx) -------------------------------------------------------------------------------------- # Content Security Policy (CSP) # helps to detect and mitigate some types of attacks, including Cross-Site Scripting (XSS). # CSP default values are included in the "Gateway" container entrypoint. -# Use GATEWAY_CSP env var if you want to define yours and/or override Gateway CSP values. -# GATEWAY_CSP="default-src 'self' 127.0.0.1 https://sockjs-eu.pusher.com:443 wss://ws-eu.pusher.com https://apiws.carrick-skills.com:8443 https://apiws.carrick-flow.com:8443 https://fonts.gstatic.com *.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.axept.io *.matomo.cloud *.newrelic.com *.nr-data.net https://www.googletagmanager.com *.google-analytics.com *.phrasea.io https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 https://maxcdn.bootstrapcdn.com data: ; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com *.alchemyasp.com *.axept.io *.matomo.cloud *.newrelic.com https://www.googletagmanager.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 https://maxcdn.bootstrapcdn.com data: blob: ; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 https://maxcdn.bootstrapcdn.com ; img-src 'self' data: blob: *.tiles.mapbox.com https://axeptio.imgix.net *.cloudfront.net *.phrasea.io *.amazonaws.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 
https://maxcdn.bootstrapcdn.com https://www.gnu.org/graphics/ ; object-src 'self'; frame-ancestors 'self'" +# Use GATEWAY_CSP env var if you want to define yours or override Gateway default CSP values. + +# default value GATEWAY_CSP="default-src 'self' 127.0.0.1 https://sockjs-eu.pusher.com:443 wss://ws-eu.pusher.com https://apiws.carrick-skills.com:8443 https://apiws.carrick-flow.com:8443 https://fonts.gstatic.com *.tiles.mapbox.com https://api.mapbox.com https://events.mapbox.com *.axept.io *.matomo.cloud *.newrelic.com *.nr-data.net https://www.googletagmanager.com *.google-analytics.com *.phrasea.io https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 https://maxcdn.bootstrapcdn.com data: ; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://www.gstatic.com *.alchemyasp.com *.axept.io *.matomo.cloud *.newrelic.com https://www.googletagmanager.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 https://maxcdn.bootstrapcdn.com data: blob: ; style-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://www.google.com https://www.gstatic.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 https://maxcdn.bootstrapcdn.com ; img-src 'self' data: blob: *.tiles.mapbox.com https://axeptio.imgix.net *.cloudfront.net *.phrasea.io *.amazonaws.com https://apiws.carrick-flow.com:8443 https://apiws.carrick-skills.com:8443 https://maxcdn.bootstrapcdn.com https://www.gnu.org/graphics/ ; object-src 'self'; frame-ancestors 'self'" # @run GATEWAY_CSP= 
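Review bot: The `# default value GATEWAY_CSP=...` line documents a `script-src` that allows `'unsafe-inline'`, `'unsafe-eval'`, `data:` and `blob:`, while the comment above it still presents CSP as a mitigation for Cross-Site Scripting; with those sources allowed the default policy does little to stop injected script. Since this is the line operators will copy when they override the policy, I would add `# Note: the default script-src allows 'unsafe-inline' and 'unsafe-eval'; remove them in GATEWAY_CSP where your deployment permits.` The value also repeats `https://apiws.carrick-flow.com:8443` and `https://apiws.carrick-skills.com:8443` inside `default-src`, which could be trimmed. The comment places the effective defaults in the Gateway container entrypoint, which is outside this diff, so the copy shown here may drift from it.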
@@ -519,6 +523,8 @@ MYSQL_QUERY_CACHE_SIZE=64M MYSQL_KEY_BUFFER_SIZE=128M # --- DB Backup settings --------------------------------------------------------------------------------------------- +# "db-backup" profile launch and run a container to cron database backups and backup file's rotation. +# This container is based on the "alpine" image and use the "mysql-client" package to perform backups. # Path where the backuped files will be locally stored # @run @@ -732,14 +738,7 @@ PHRASEANET_AVAILABLE_LANGUAGE=de,en,fr,nl # @run PHRASEANET_DEFAULT_LANGUAGE=en - - -# --- Phraseanet Binaries Execution Timeouts Settings --- -# These settings define the maximum allowed execution time for various media processing tools used by Phraseanet. -# If a process exceeds the specified timeout, it will be considered as having encountered an error. -# This ensures that system resources are not indefinitely tied up by processes that have stalled or are taking too long to complete. - -# --- Phraseanet Binaries Execution Timeouts Settings --- +# --- Phraseanet Binaries Execution Timeouts Settings ------------------------------------------------------------------- # These settings define the maximum allowed execution time in minutes for various media processing tools used by Phraseanet. # If a process exceeds the specified timeout, it will be considered as having encountered an error. # These timeouts should be adjusted based on the file sizes being processed. 
@@ -967,36 +966,42 @@ PHRASEANET_EXPLODE_WORKER=1 # # Note for old Phraseanet task planner AKA "Phraseanet scheduler": To launch the # "scheduler" container, add "scheduler" profile to "COMPOSE_PROFILES" env -# var. Launch this container only if you need to use the old Phraseanet tasks. +# variable. +# Launch this container only if you need to use the old Phraseanet Archive tasks. # @run PHRASEANET_WORKERS_LAUNCH_METHOD= +# --- Phraseanet Worker Settings ---------------------------------------------------------------------------------------- +# Define the number of parallel processes launched in a worker container. +# Prefer scaling the number of containers over the number of processes within a container. +# this default setting is for a test platform, for production, adjust the number of workers based on the expected workload and to your infrastructure capacity. + # @run PHRASEANET_WORKER_assetsIngest=1 # @run -PHRASEANET_WORKER_createRecord=2 +PHRASEANET_WORKER_createRecord=1 # @run -PHRASEANET_WORKER_deleteRecord=2 +PHRASEANET_WORKER_deleteRecord=1 # @run -PHRASEANET_WORKER_editRecord=2 +PHRASEANET_WORKER_editRecord=1 # @run -PHRASEANET_WORKER_exportMail=2 +PHRASEANET_WORKER_exportMail=1 # @run -PHRASEANET_WORKER_downloadAsync=2 +PHRASEANET_WORKER_downloadAsync=1 # @run -PHRASEANET_WORKER_exposeUpload=2 +PHRASEANET_WORKER_exposeUpload=1 # @run PHRASEANET_WORKER_ftp=1 # @run -PHRASEANET_WORKER_mainQueue=3 +PHRASEANET_WORKER_mainQueue=1 # @run PHRASEANET_WORKER_populateIndex=1 @@ -1026,8 +1031,9 @@ PHRASEANET_WORKER_writeMetadatas=1 PHRASEANET_WORKER_shareBasket=1 # PHRASEANET_CMD_MODE=1, set a worker container for run bin/console... or bin/maintenance... manualy +# Add "cmd" profile to COMPOSE_PROFILE # @run -PHRASEANET_CMD_MODE +PHRASEANET_CMD_MODE=1 # --- Phraseanet Locales settings -------------------------------------------------------------------------------------- 
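Review bot: In the `PHRASEANET_CMD_MODE` hunk the added comment says `# Add "cmd" profile to COMPOSE_PROFILE`, but the variable is `COMPOSE_PROFILES`, the spelling this same commit corrects in the SAML section; it should read `# Add "cmd" profile to COMPOSE_PROFILES`. The hunk also changes the bare `PHRASEANET_CMD_MODE` to `PHRASEANET_CMD_MODE=1`, which turns the setting on in the shipped defaults. If the mode is meant to be opt-in, the default would be better left empty, with `1` given only as the example value in the comment. How the containers read the variable is not visible in this diff.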
@@ -1119,7 +1125,9 @@ PHRASEANET_CAPTION_DIR=./tmp/caption # @run PHRASEANET_WORKER_TMP=./tmp/worker -# Backup Directory: Location for storing backup files. +# Backup Directory: Location for backup Phraseanet 'config/' repository. +# the backup is perfomed by 'setup' container before performing an update +# Executed # @run PHRASEANET_BACKUP_DIR=./backup @@ -1193,7 +1201,7 @@ NEWRELIC_APP_NAME= # --- SAML Authentication Settings -------------------------------------------------------------------------------------- # Configure settings for SAML (Security Assertion Markup Language) authentication within Phraseanet to enable secure single sign-on (SSO) capabilities. # Note: This setup requires an additional paid plugin that is not included in the public images. -# It also requires extra containers that must be declared in the Docker compose stack by adding 'phraseanet-saml-sp' to COMPOSE_PROFILE. +# It also requires extra containers that must be declared in the Docker compose stack by adding 'phraseanet-saml-sp' to COMPOSE_PROFILES. # Allow Debug: Enables detailed logging for SAML operations. Useful for troubleshooting during setup and testing. # @run @@ -1267,7 +1275,7 @@ PHRASEANET_FTP_DIR=./datas/ftp # @run SSH_AUTH_SOCK=/dev/null -# Kubernet context needs full pod hosname on nginx reverse proxing +# Kubernet context needs full pod hosname on Nginx reverse proxing # This is need for PHraseanet SAML context on K8S # @run PHRASEANET_K8S_NAMESPACE= diff --git a/.gitignore b/.gitignore index d33424b147..2b86ecd73c 100644 --- a/.gitignore +++ b/.gitignore @@ -97,7 +97,4 @@ myvalues.yaml # Exclude gitlog files -www/gitlog.txt - - - +www/gitlog.txt \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 4b3c297447..7fe58c9f06 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
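Review bot: The comment added above `PHRASEANET_BACKUP_DIR` ends with an unfinished line, `# Executed`, and misspells `perfomed`. Either complete the sentence or drop the line, for example `# The backup is performed by the 'setup' container before it applies an update.` Since this directory receives copies of `config/`, which presumably holds credentials, a reminder such as `# Backups may contain secrets; restrict permissions on this directory.` would help operators.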
@@ -1,5 +1,29 @@ # CHANGELOG +## 4.1.13 + +### Update Instructions + +- **Migration Patch**: + - A migration script for the configuration file is available. Run the following command in the setup container with Docker if the environment variable `PHRASEANET_UPGRADE=1` is set: + ``` + bin/setup system:upgrade + ``` + +### Version Summary + - `.env` documentation improvements. + - Remove www/.htacess from docker stack. + - Remove Nginx access status. + +## What's Changed +* PHRAS-4117 remove gateway /status and /ping page direct access by @moctardiouf in https://github.com/alchemy-fr/Phraseanet/pull/4571 +* PHRAS-4119 exclude www/.htaccess file form docker stack in https://github.com/alchemy-fr/Phraseanet/pull/4573 + + +**Full Changelog**: https://github.com/alchemy-fr/Phraseanet/compare/4.1.12...4.1.13 + + +__ ## 4.1.12 ### Update Instructions @@ -11,7 +35,7 @@ ``` ### Version Summary - - Base image bump for Video encoding fix and newrelic agent installation. + - Base image bump for Video encoding fix and newrelic agent installation - take in account default language setup in configuration. - `.env`file documentation improvement. diff --git a/lib/Alchemy/Phrasea/Core/Version.php b/lib/Alchemy/Phrasea/Core/Version.php index 42a4cacc06..10a7ad83ee 100644 --- a/lib/Alchemy/Phrasea/Core/Version.php +++ b/lib/Alchemy/Phrasea/Core/Version.php @@ -17,7 +17,7 @@ class Version * @var string */ - private $number = '4.1.12'; + private $number = '4.1.13'; /** * @var string