diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 1dbf985ad..d0c76a2bd 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -134,6 +134,11 @@ jobs:
           docker push localhost:5000/base-php:arm64
           rm base-php-arm64.tar base-php-amd64.tar
           
+      - name: Update version in config/app.php (tag)
+        if: "github.event_name == 'release' && github.event.action == 'published'"
+        run: |
+          sed -i "s/'version' => 'canary',/'version' => '${{ steps.build_info.outputs.version_tag }}',/" config/app.php
+              
       - name: Build and Push (tag)
         uses: docker/build-push-action@v6
         if: "github.event_name == 'release' && github.event.action == 'published'"
diff --git a/app/Http/Controllers/Api/Application/Users/UserController.php b/app/Http/Controllers/Api/Application/Users/UserController.php
index c9a5e63e9..adf93d425 100644
--- a/app/Http/Controllers/Api/Application/Users/UserController.php
+++ b/app/Http/Controllers/Api/Application/Users/UserController.php
@@ -102,12 +102,15 @@ class UserController extends ApplicationApiController
      */
     public function assignRoles(AssignUserRolesRequest $request, User $user): array
     {
-        foreach ($request->input('roles') as $role) {
-            if ($role === Role::getRootAdmin()->id) {
-                continue;
-            }
+        if (!$user->isRootAdmin()) {
+            $rootAdminId = Role::getRootAdmin()->id;
+            foreach ($request->input('roles') as $role) {
+                if ($role === $rootAdminId) {
+                    continue;
+                }
 
-            $user->assignRole($role);
+                $user->assignRole($role);
+            }
         }
 
         $response = $this->fractal->item($user)
@@ -125,12 +128,15 @@ class UserController extends ApplicationApiController
      */
     public function removeRoles(AssignUserRolesRequest $request, User $user): array
     {
-        foreach ($request->input('roles') as $role) {
-            if ($role === Role::getRootAdmin()->id) {
-                continue;
-            }
+        if (!$user->isRootAdmin()) {
+            $rootAdminId = Role::getRootAdmin()->id;
+            foreach ($request->input('roles') as $role) {
+                if ($role === $rootAdminId) {
+                    continue;
+                }
 
-            $user->removeRole($role);
+                $user->removeRole($role);
+            }
         }
 
         $response = $this->fractal->item($user)
@@ -169,8 +175,12 @@ class UserController extends ApplicationApiController
      */
     public function delete(DeleteUserRequest $request, User $user): JsonResponse
     {
-        $user->delete();
+        if (!$user->isRootAdmin()) {
+            $user->delete();
 
-        return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
+            return new JsonResponse([], JsonResponse::HTTP_NO_CONTENT);
+        }
+
+        return new JsonResponse([], JsonResponse::HTTP_FORBIDDEN);
     }
 }
diff --git a/app/Http/Requests/Api/Application/Users/AssignUserRolesRequest.php b/app/Http/Requests/Api/Application/Users/AssignUserRolesRequest.php
index 9dbcfb127..f05e0f08b 100644
--- a/app/Http/Requests/Api/Application/Users/AssignUserRolesRequest.php
+++ b/app/Http/Requests/Api/Application/Users/AssignUserRolesRequest.php
@@ -8,8 +8,8 @@ class AssignUserRolesRequest extends StoreUserRequest
     public function rules(?array $rules = null): array
     {
         return [
-            'roles' => 'array',
-            'roles.*' => 'int',
+            'roles' => 'required|array',
+            'roles.*' => 'integer|exists:roles,id',
         ];
     }
 }
diff --git a/app/Jobs/ProcessWebhook.php b/app/Jobs/ProcessWebhook.php
index 5105266a2..ff414ab72 100644
--- a/app/Jobs/ProcessWebhook.php
+++ b/app/Jobs/ProcessWebhook.php
@@ -12,6 +12,7 @@ use Illuminate\Queue\SerializesModels;
 use Illuminate\Support\Carbon;
 use Illuminate\Support\Facades\Http;
 use App\Enums\WebhookType;
+use Illuminate\Support\Arr;
 
 class ProcessWebhook implements ShouldQueue
 {
@@ -32,7 +33,8 @@ class ProcessWebhook implements ShouldQueue
         if (count($data) === 1) {
             $data = reset($data);
         }
-        $data = is_array($data) ? $data : (json_decode($data, true) ?? []);
+
+        $data = Arr::wrap(json_decode($data, true) ?? []);
         $data['event'] = $this->webhookConfiguration->transformClassName($this->eventName);
 
         if ($this->webhookConfiguration->type === WebhookType::Discord) {
diff --git a/app/Services/Servers/ServerCreationService.php b/app/Services/Servers/ServerCreationService.php
index 03692e65e..64492e2c6 100644
--- a/app/Services/Servers/ServerCreationService.php
+++ b/app/Services/Servers/ServerCreationService.php
@@ -184,9 +184,15 @@ class ServerCreationService
             $records = array_merge($records, $data['allocation_additional']);
         }
 
-        Allocation::query()->whereIn('id', $records)->update([
-            'server_id' => $server->id,
-        ]);
+        Allocation::query()
+            ->whereIn('id', array_values(array_unique($records)))
+            ->whereNull('server_id')
+            ->lockForUpdate()
+            ->get()
+            ->each(function (Allocation $allocation) use ($server) {
+                $allocation->server_id = $server->id;
+                $allocation->save();
+            });
     }
 
     /**