diff --git a/docs/getting-started.md b/docs/getting-started.md
index 1b213a77..9822fcb9 100644
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -195,7 +195,8 @@ If your cluster has not the default `10.0.0.0/8` CIDR configured, you need to pr
```yaml
cluster:
networking:
- cidr: "127.0.0.0/8"
+ cidr:
+ - "127.0.0.0/8"
```
### Ingress
diff --git a/docs/migrations.md b/docs/migrations.md
index 5c947268..484a23a8 100644
--- a/docs/migrations.md
+++ b/docs/migrations.md
@@ -3,10 +3,11 @@ SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlic
SPDX-License-Identifier: Apache-2.0
-->
-
Migrations
+Upgrade migrations
* [Disclaimer](#disclaimer)
* [From v0.8.1](#from-v081)
+ * [Updated `cluster.networking.cidr`](#updated-clusternetworkingcidr)
* [Updated customizable template attributes](#updated-customizable-template-attributes)
* [`migrations` S3 bucket](#migrations-s3-bucket)
@@ -18,6 +19,11 @@ Though we try to ease the pain when it comes to 0.x upgrades. That is what this
# From v0.8.1
+## Updated `cluster.networking.cidr`
+
+- Action: `cluster.networking.cidr` is now an array (was a string until 0.8.1), please update your setup accordingly if you explicitly set this value.
+- Reference:[cluster.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/cluster.yaml)
+
## Updated customizable template attributes
- Action: Please ensure you update you custom deployment values according with the updated default value structure.
diff --git a/docs/requirements.md b/docs/requirements.md
index de9f74fe..b5166147 100644
--- a/docs/requirements.md
+++ b/docs/requirements.md
@@ -33,11 +33,11 @@ openDesk is a Kubernetes only solution and requires an existing Kubernetes (K8s)
The following minimal requirements are thought for initial evaluation deployment:
-| Spec | Value |
-|------|------------------------------------------------------|
-| CPU | 8 Cores of x64 or x86 CPU (ARM is not supported yet) |
-| RAM | 16 GB, recommended 32 GB |
-| Disk | HDD or SSD, >10 GB |
+| Spec | Value |
+| ---- | ----------------------------------------------------- |
+| CPU | 12 Cores of x64 or x86 CPU (ARM is not supported yet) |
+| RAM | 32 GB, more recommended |
+| Disk | HDD or SSD, >10 GB |
# Kubernetes
diff --git a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
index 380fde9f..3cd53369 100644
--- a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
@@ -35,6 +35,9 @@ configuration:
value: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
host: {{ .Values.cache.nextcloud.host | quote }}
port: {{ .Values.cache.nextcloud.port | quote }}
+ collabora:
+ # internalWopiUrl: ""
+ wopiAllowlist: {{ join " " .Values.cluster.networking.cidr | quote }}
database:
host: {{ .Values.databases.nextcloud.host | quote }}
port: {{ .Values.databases.nextcloud.port | quote }}
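Review bot: `wopiAllowlist` on the added line is filled from the whole `cluster.networking.cidr` list, so every address in the cluster network (all of `10.0.0.0/8` with the default) may make WOPI requests, not only the Collabora pods. If the chart permits it, a dedicated value that merely defaults to the cluster CIDRs would let operators narrow this. At minimum, add a comment above the line such as `# WOPI requests are accepted from all cluster CIDRs; restrict to the Collabora network where possible`. The commented-out `# internalWopiUrl: ""` also needs a short explanation of when it should be set. The `configuration:` mapping starts outside this hunk.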
diff --git a/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
index 587b7513..47313490 100644
--- a/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
@@ -66,6 +66,7 @@ php:
value: "nextcloud_user"
password:
value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
+ trustedProxies: {{ join " " .Values.cluster.networking.cidr | quote }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -107,6 +108,7 @@ apache2:
configuration:
php:
host: "opendesk-nextcloud-php.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}"
+ trustedProxies: {{ join " " .Values.cluster.networking.cidr | quote }}
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -143,4 +145,5 @@ apache2:
replicaCount: {{ .Values.replicas.nextcloudApache2 }}
resources:
{{ .Values.resources.nextcloudApache2 | toYaml | nindent 4 }}
+
...
diff --git a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
index 1e4df0e5..ab3cca41 100644
--- a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
@@ -31,7 +31,7 @@ dovecot:
introspectionHost: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }}
introspectionPath: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token/introspect"
usernameAttribute: "opendesk_username"
- loginTrustedNetworks: {{ .Values.cluster.networking.cidr | quote }}
+ loginTrustedNetworks: {{ join " " .Values.cluster.networking.cidr | quote }}
submission:
enabled: true
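Review bot: `join " " .Values.cluster.networking.cidr` on the `loginTrustedNetworks` line assumes the value is already a list, but override files written for 0.8.1 still carry a string. As far as I can tell the template library coerces a scalar into a one-element list, so the old form would still render, but that is implicit and nothing tells the operator the schema changed. A guard before first use would make the migration fail loudly, for example `{{ if not (kindIs "slice" .Values.cluster.networking.cidr) }}{{ fail "cluster.networking.cidr must be a list" }}{{ end }}`. The same expression is used for `relayNets` in values-postfix.yaml.gotmpl and for the Nextcloud `trustedProxies` and `wopiAllowlist` lines.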
diff --git a/helmfile/apps/services/values-postfix.yaml.gotmpl b/helmfile/apps/services/values-postfix.yaml.gotmpl
index f515845d..9528e429 100644
--- a/helmfile/apps/services/values-postfix.yaml.gotmpl
+++ b/helmfile/apps/services/values-postfix.yaml.gotmpl
@@ -51,7 +51,7 @@ postfix:
- {{ printf "%s %s:%s" .Values.smtp.host .Values.smtp.username .Values.smtp.password | quote }}
rspamdHost: ""
relayHost: {{ if .Values.smtp.host }}{{ printf "[%s]:%d" .Values.smtp.host .Values.smtp.port | quote }}{{ else }}""{{ end }}
- relayNets: {{ .Values.cluster.networking.cidr | quote}}
+ relayNets: {{ join " " .Values.cluster.networking.cidr | quote }}
smtpSASLAuthEnable: "yes"
smtpSASLPasswordMaps: "lmdb:/etc/postfix/sasl_passwd.map"
smtpUseTLS: "yes"
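Review bot: `relayNets` now takes every entry of the cluster CIDR list, and presumably each listed network may relay mail through this Postfix without authenticating. Any range an operator appends for an unrelated reason, such as a proxy subnet for Nextcloud, therefore also gains relay rights. A comment above the line would make that coupling visible, e.g. `# all cluster CIDRs may relay without SASL auth; keep cluster.networking.cidr limited to pod/service ranges`. An empty list renders as `""`, and what the chart does with an empty value is not visible here, so that case is worth checking. The `postfix:` mapping starts outside this hunk.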
diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml
index 003d553d..e29f9c8c 100644
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -220,7 +220,7 @@ charts:
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
name: "opendesk-nextcloud"
- version: "2.1.0"
+ version: "3.0.0"
verify: true
nextcloudManagement:
# providerCategory: "Platform"
@@ -230,7 +230,7 @@ charts:
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
name: "opendesk-nextcloud-management"
- version: "2.1.0"
+ version: "3.0.0"
verify: true
nginx:
# providerCategory: "Community"
diff --git a/helmfile/environments/default/cluster.yaml b/helmfile/environments/default/cluster.yaml
index 8e0fcae7..ab31b3cc 100644
--- a/helmfile/environments/default/cluster.yaml
+++ b/helmfile/environments/default/cluster.yaml
@@ -15,8 +15,9 @@ cluster:
networking:
# Kubernetes internal cluster domain.
domain: "cluster.local"
- # Kubernetes cluster network CIDR.
- cidr: "10.0.0.0/8"
+ # Kubernetes cluster network CIDRs.
+ cidr:
+ - "10.0.0.0/8"
# Ingress-gateway IP - only relevant for "NodePort" cluster services.
# When ingress and egress gateway use different ips, which results that pods can't self-discover their incoming ip,
# you need to provide the public (load-balanced) ingress gateways ip address.
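Review bot: The updated comment `# Kubernetes cluster network CIDRs.` does not say that this list is consumed as a trust boundary elsewhere in the same change. It feeds Postfix `relayNets`, Dovecot `loginTrustedNetworks`, Nextcloud `trustedProxies` and the Collabora `wopiAllowlist`. Operators who extend the list should know that each entry widens all four, so I would expand the comment to something like `# Kubernetes cluster network CIDRs. Also used as trusted networks for mail relay, Dovecot login, Nextcloud proxies and WOPI; keep the list as narrow as possible.` The `networking:` mapping continues outside this hunk.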
diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml
index 00fa51c8..88e9e5bb 100644
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -229,7 +229,7 @@ images:
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-apache2"
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-apache2"
- tag: "1.1.22@sha256:8bfa92fcfdcb2fee1b3560a623ffb319fcfcc7e5fbcc20d631df747427e88f84"
+ tag: "1.1.24@sha256:c9222da8be7af12c9076b41d1a14e019725afc075e1aaa2b727be21c1bf45f10"
nextcloudExporter:
# providerCategory: "Platform"
# providerResponsible: "openDesk"
@@ -245,7 +245,7 @@ images:
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-management"
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-management"
- tag: "1.4.2@sha256:a4c12a624c76b44c8305a768ced33e2b9af9497ff9cfa639045df846d89fbda4"
+ tag: "1.4.4@sha256:b70c159d6a1827748ca1f8fe0b9fd5b011eaed8719172105e1e9c8b8d776cf97"
nextcloudPHP:
# providerCategory: "Platform"
# providerResponsible: "openDesk"
@@ -253,7 +253,7 @@ images:
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-php"
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud-php"
- tag: "1.10.1@sha256:8eb5ac95eaea69e0928e48aa5a121cbf10f359be4679040da8464810e9d799ff"
+ tag: "1.10.3@sha256:e659ab95d0d3a33d4937354449c12fa46fe2669a866bbf432a9d729bed6d54f7"
opendeskKeycloakBootstrap:
# providerCategory: "Platform"
# providerResponsible: "openDesk"