diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 9eda78f2..1de0aa61 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -23,7 +23,7 @@ jobs:
 if: startsWith(github.ref, 'refs/tags/v')
 run: echo "VERSION=$(echo ${GITHUB_REF#refs/tags/})" >> ${GITHUB_ENV}
 - name: Build Image
- run: docker build -t "${IMAGE}:${VERSION}" v3.3
+ run: docker build -t "${IMAGE}:${VERSION}" v4.1
 - name: Push Image to DockerHub
 env:
 DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 3a479637..854641af 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -5,13 +5,13 @@ on:
 - master
 jobs:
- test_3_3:
- name: Docker build v3.3
+ test_4_1:
+ name: Docker build v4.1
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
 - name: Build image
- run: docker build -t test v3.3
+ run: docker build -t test v4.1
 - name: Run image
 run: docker run -d --name apache test
 - name: Verify
diff --git a/README.md b/README.md
index cb804346..f644b014 100644
--- a/README.md
+++ b/README.md
@@ -16,10 +16,10 @@ Based on the official [`owasp/modsecurity-crs`](https://hub.docker.com/r/owasp/m
 * [![latest](
 https://img.shields.io/badge/latest-blue.svg?colorA=22313f&colorB=4a637b&logo=docker)](
- https://github.com/vshn/modsecurity-docker/blob/master/v3.3/Dockerfile) based on [coreruleset/modsecurity-crs-docker](ttps://github.com/coreruleset/modsecurity-crs-docker) (ModSecurity 2, CRS v3.3.2)
-* [![3.3](
- https://img.shields.io/badge/3.3-blue.svg?colorA=22313f&colorB=4a637b&logo=docker)](
- https://github.com/vshn/modsecurity-docker/blob/master/v3.3/Dockerfile) based on [coreruleset/modsecurity-crs-docker](ttps://github.com/coreruleset/modsecurity-crs-docker) (ModSecurity 2, CRS v3.3.2)
+ https://github.com/vshn/modsecurity-docker/blob/master/v4.1/Dockerfile) based on [coreruleset/modsecurity-crs-docker](ttps://github.com/coreruleset/modsecurity-crs-docker) (ModSecurity 2, CRS v4.1.0)
+* [![4.1](
+ https://img.shields.io/badge/4.1-blue.svg?colorA=22313f&colorB=4a637b&logo=docker)](
+ https://github.com/vshn/modsecurity-docker/blob/master/v4.1/Dockerfile) based on [coreruleset/modsecurity-crs-docker](ttps://github.com/coreruleset/modsecurity-crs-docker) (ModSecurity 2, CRS v4.1.0)
 ## Usage
@@ -32,7 +32,7 @@ $ docker run -p 80:80 -it -e PARANOIA=4 --rm vshn/modsecurity bash
 With a Dockerfile:
 ```Dockerfile
-FROM docker.io/vshn/modsecurity:3.3
+FROM docker.io/vshn/modsecurity:4.1
 ENV PARANOIA=1 \
 ANOMALY_INBOUND=500 \
@@ -49,7 +49,7 @@ VOLUME /tmp/modsecurity
 With Docker Compose to start a ModSecurity and a httpbin container:
 ```console
-cd v3.3
+cd v4.1
 docker-compose up
 ```
diff --git a/v3.3/.dockerignore b/v4.1/.dockerignore
similarity index 100%
rename from v3.3/.dockerignore
rename to v4.1/.dockerignore
diff --git a/v3.3/Dockerfile b/v4.1/Dockerfile
similarity index 88%
rename from v3.3/Dockerfile
rename to v4.1/Dockerfile
index 87830da6..656bf37b 100644
--- a/v3.3/Dockerfile
+++ b/v4.1/Dockerfile
@@ -1,4 +1,9 @@
-FROM docker.io/owasp/modsecurity-crs:3.3.5-apache-202402140602@sha256:2a6f6f3dbdcf5edda48606e1dd325f7fb785de7b2d22b70dcb03d692046c1d05
+FROM docker.io/owasp/modsecurity-crs:4.1.0-apache-202405050505@sha256:ce9ebaf23dc8d7c229e8a2eef500bcabf6756800ca3226de7553dd70d051feec
+
+# Upstream converted the image to run apache directly as user `httpd` instead of dropping privileges after start-up.
+# see: https://github.com/coreruleset/modsecurity-crs-docker/commit/f9c687500e343f05005739c3d2c72c1dc92b0ff1#diff-02c190dd34ee6ce466ae02364d954e15a049a0343ba71774688653550e4c82f6R215
+# and https://github.com/coreruleset/modsecurity-crs-docker/pull/227
+USER 0:0
 ENV APACHE_RUN_USER=www-data \
 APACHE_RUN_GROUP=root \
@@ -136,5 +141,9 @@ RUN mkdir -p \
 COPY entrypoint.sh /entrypoint.sh
+# See beginning of file and upstream PR:
+# https://github.com/coreruleset/modsecurity-crs-docker/pull/227/files#diff-02c190dd34ee6ce466ae02364d954e15a049a0343ba71774688653550e4c82f6R215
+USER httpd
+
 ENTRYPOINT [ "/entrypoint.sh" ]
 CMD ["apachectl", "-D", "FOREGROUND"]
diff --git a/v3.3/clamd.conf.template b/v4.1/clamd.conf.template
similarity index 100%
rename from v3.3/clamd.conf.template
rename to v4.1/clamd.conf.template
diff --git a/v3.3/custom-rules/README.md b/v4.1/custom-rules/README.md
similarity index 100%
rename from v3.3/custom-rules/README.md
rename to v4.1/custom-rules/README.md
diff --git a/v3.3/custom-rules/after-crs.dist/performance.conf b/v4.1/custom-rules/after-crs.dist/performance.conf
similarity index 100%
rename from v3.3/custom-rules/after-crs.dist/performance.conf
rename to v4.1/custom-rules/after-crs.dist/performance.conf
diff --git a/v3.3/custom-rules/after-crs.dist/timestamps.conf b/v4.1/custom-rules/after-crs.dist/timestamps.conf
similarity index 100%
rename from v3.3/custom-rules/after-crs.dist/timestamps.conf
rename to v4.1/custom-rules/after-crs.dist/timestamps.conf
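Review bot: Nothing under `custom-rules/` or `modsecurity.d/` was adapted for the new rule set: the `FROM` line in the `@@ -1,4 +1,9 @@` hunk goes from CRS 3.3.5 to 4.1.0, a major release, while every one of those files is a 100% rename in this commit. CRS 4 renamed settings such as `tx.paranoia_level` (now `tx.blocking_paranoia_level`) and reworked parts of the rule set, so exclusions or overrides written against 3.x ids and variables can stop matching without any error; the file contents are not visible here, so this is something to confirm. The unchanged `ENV APACHE_RUN_USER=www-data` / `APACHE_RUN_GROUP=root` lines under the new `USER 0:0` also look stale, because Apache started as `httpd` cannot switch to another user. I would extend the comment with `# root is only needed for the build steps below; reset to httpd before ENTRYPOINT`.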
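Review bot: `USER httpd` in the `@@ -136,5 +141,9 @@` hunk names the account rather than giving its uid, and a Kubernetes pod with `runAsNonRoot: true` is refused for an image whose user is non-numeric because the kubelet cannot prove it is not root; `USER <httpd-uid>` (placeholder, take the uid from the base image) avoids that. Every step between `USER 0:0` and this line runs as root, including the `RUN mkdir -p \` named in the hunk header, whose body lies outside the hunk, so those directories stay root-owned unless ownership or group-write is set there. With `/entrypoint.sh` and Apache both starting unprivileged, each path they write at start-up or while handling requests has to be writable by `httpd`.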
diff --git a/v3.3/custom-rules/before-crs.dist/baseconfig.conf b/v4.1/custom-rules/before-crs.dist/baseconfig.conf
similarity index 100%
rename from v3.3/custom-rules/before-crs.dist/baseconfig.conf
rename to v4.1/custom-rules/before-crs.dist/baseconfig.conf
diff --git a/v3.3/custom-rules/before-crs.dist/cleanlogs.conf b/v4.1/custom-rules/before-crs.dist/cleanlogs.conf
similarity index 100%
rename from v3.3/custom-rules/before-crs.dist/cleanlogs.conf
rename to v4.1/custom-rules/before-crs.dist/cleanlogs.conf
diff --git a/v3.3/custom-rules/before-crs.dist/infrastructure.conf b/v4.1/custom-rules/before-crs.dist/infrastructure.conf
similarity index 100%
rename from v3.3/custom-rules/before-crs.dist/infrastructure.conf
rename to v4.1/custom-rules/before-crs.dist/infrastructure.conf
diff --git a/v3.3/custom-rules/before-crs.dist/recommended.conf b/v4.1/custom-rules/before-crs.dist/recommended.conf
similarity index 100%
rename from v3.3/custom-rules/before-crs.dist/recommended.conf
rename to v4.1/custom-rules/before-crs.dist/recommended.conf
diff --git a/v3.3/custom-rules/before-crs.dist/timestamps.conf b/v4.1/custom-rules/before-crs.dist/timestamps.conf
similarity index 100%
rename from v3.3/custom-rules/before-crs.dist/timestamps.conf
rename to v4.1/custom-rules/before-crs.dist/timestamps.conf
diff --git a/v3.3/deflate.conf b/v4.1/deflate.conf
similarity index 100%
rename from v3.3/deflate.conf
rename to v4.1/deflate.conf
diff --git a/v3.3/docker-compose.yml b/v4.1/docker-compose.yml
similarity index 100%
rename from v3.3/docker-compose.yml
rename to v4.1/docker-compose.yml
diff --git a/v3.3/entrypoint.sh b/v4.1/entrypoint.sh
similarity index 100%
rename from v3.3/entrypoint.sh
rename to v4.1/entrypoint.sh
diff --git a/v3.3/httpd-logging.conf b/v4.1/httpd-logging.conf
similarity index 100%
rename from v3.3/httpd-logging.conf
rename to v4.1/httpd-logging.conf
diff --git a/v3.3/httpd-vhosts.conf b/v4.1/httpd-vhosts.conf
similarity index 100%
rename from v3.3/httpd-vhosts.conf
rename to v4.1/httpd-vhosts.conf
diff --git a/v3.3/modsecurity.d/include.conf b/v4.1/modsecurity.d/include.conf
similarity index 100%
rename from v3.3/modsecurity.d/include.conf
rename to v4.1/modsecurity.d/include.conf
diff --git a/v3.3/modsecurity.d/modsecurity.conf b/v4.1/modsecurity.d/modsecurity.conf
similarity index 100%
rename from v3.3/modsecurity.d/modsecurity.conf
rename to v4.1/modsecurity.d/modsecurity.conf
diff --git a/v3.3/transform-alert-message.awk b/v4.1/transform-alert-message.awk
similarity index 100%
rename from v3.3/transform-alert-message.awk
rename to v4.1/transform-alert-message.awk
diff --git a/v3.3/virus-check.pl b/v4.1/virus-check.pl
similarity index 100%
rename from v3.3/virus-check.pl
rename to v4.1/virus-check.pl