diff --git a/charts/hedgedoc/Chart.yaml b/charts/hedgedoc/Chart.yaml
index 83daee6f756e98bb846163470eda082e02964d7f..4e14569e0893ed46afc9bef4c10e30191b46c35f 100644
--- a/charts/hedgedoc/Chart.yaml
+++ b/charts/hedgedoc/Chart.yaml
@@ -14,7 +14,7 @@ keywords:
 sources:
   - https://github.com/hedgedoc/hedgedoc/tree/master
   - https://git.shivering-isles.com/shivering-isles/infrastructure-gitops/-/tree/main/charts/hedgedoc
-version: 0.2.3
+version: 0.3.0
 # renovate: image=quay.io/hedgedoc/hedgedoc
 appVersion: 1.9.7
 maintainers:
diff --git a/charts/hedgedoc/README.md b/charts/hedgedoc/README.md
index 8beee62c866a7bb387d79816bc73172cfd1ac80f..56a2864cea9d6cf11535a1bbbbb523740ee84fab 100644
--- a/charts/hedgedoc/README.md
+++ b/charts/hedgedoc/README.md
@@ -1,6 +1,6 @@
 # hedgedoc
 
-
+
 
 A platform to write and share markdown.
@@ -72,7 +72,10 @@ A platform to write and share markdown.
 | nameOverride | string | `""` | |
 | nodeSelector | object | `{}` | |
 | podAnnotations | object | `{}` | |
-| podSecurityContext | object | `{}` | |
+| podSecurityContext.allowPrivilegeEscalation | bool | `false` | |
+| podSecurityContext.capabilities.drop[0] | string | `"ALL"` | |
+| podSecurityContext.fsGroup | int | `10000` | |
+| podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
 | postgresql.auth.database | string | `"hedgedoc"` | |
 | postgresql.auth.existingSecret | string | `""` | |
 | postgresql.auth.password | string | `""` | |
@@ -80,7 +83,9 @@ A platform to write and share markdown.
 | postgresql.enabled | bool | `true` | |
 | postgresql.tls.enabled | bool | `false` | |
 | resources | object | `{}` | |
-| securityContext | object | `{}` | |
+| securityContext.readOnlyRootFilesystem | bool | `true` | |
+| securityContext.runAsNonRoot | bool | `true` | |
+| securityContext.runAsUser | int | `10000` | |
 | service.port | int | `80` | |
 | service.type | string | `"ClusterIP"` | |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
diff --git a/charts/hedgedoc/templates/deployment.yaml b/charts/hedgedoc/templates/deployment.yaml
index dcaad8e39420e4484a72355ac328cff68c292b6c..6fc63d86ea66e640af4adbcc054e2ae0c49bddd8 100644
--- a/charts/hedgedoc/templates/deployment.yaml
+++ b/charts/hedgedoc/templates/deployment.yaml
@@ -52,11 +52,19 @@ spec:
               protocol: TCP
           livenessProbe:
             httpGet:
+              {{- if (semverCompare ">1.9.7" .Chart.AppVersion)}}
+              path: /_health
+              {{- else }}
               path: /status
+              {{- end }}
               port: http
           readinessProbe:
             httpGet:
+              {{- if (semverCompare ">1.9.7" .Chart.AppVersion)}}
+              path: /_health
+              {{- else }}
               path: /status
+              {{- end }}
               port: http
           {{- if .Values.postgresql.tls.enabled }}
           volumeMounts:
diff --git a/charts/hedgedoc/tests/__snapshot__/98_snapshot_test.yaml.snap b/charts/hedgedoc/tests/__snapshot__/98_snapshot_test.yaml.snap
index 4e7ad63682b9a83e5b815272786872b40a580751..ffd96ee4073ad22d45904dd235e31d11a9a4c46d 100644
--- a/charts/hedgedoc/tests/__snapshot__/98_snapshot_test.yaml.snap
+++ b/charts/hedgedoc/tests/__snapshot__/98_snapshot_test.yaml.snap
@@ -73,7 +73,7 @@ should match basic snapshot:
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
-                path: /status
+                path: /_health
                 port: http
             name: hedgedoc
             ports:
@@ -82,11 +82,21 @@ should match basic snapshot:
                 protocol: TCP
             readinessProbe:
               httpGet:
-                path: /status
+                path: /_health
                 port: http
             resources: {}
-            securityContext: {}
-          securityContext: {}
+            securityContext:
+              readOnlyRootFilesystem: true
+              runAsNonRoot: true
+              runAsUser: 10000
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+              - ALL
+            fsGroup: 10000
+            seccompProfile:
+              type: RuntimeDefault
           serviceAccountName: RELEASE-NAME-hedgedoc
   3: |
     apiVersion: networking.k8s.io/v1
diff --git a/charts/hedgedoc/values.yaml b/charts/hedgedoc/values.yaml
index 510e8e71465f131bea1552e07654a1b14e426f27..d26b31b6976370e110a80b6d3d69feb35aecb1cf 100644
--- a/charts/hedgedoc/values.yaml
+++ b/charts/hedgedoc/values.yaml
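Review bot: The probe path switch in deployment.yaml does not match what the snapshot records: Chart.yaml still carries `appVersion: 1.9.7`, for which `semverCompare ">1.9.7" .Chart.AppVersion` evaluates to false and should render `/status`, yet the updated snapshot shows `/_health` for both probes — unless the unittest suite overrides the chart's appVersion, either the snapshot was regenerated against a different version or the condition does not behave as intended, and a mismatched probe path would leave the pod permanently unready. The same `if`/`else` is written twice; computing it once is less error-prone: `{{- $healthPath := ternary "/_health" "/status" (semverCompare ">1.9.7" .Chart.AppVersion) }}` near the top of the container block, then `path: {{ $healthPath }}` in both probes. The switch also keys off `.Chart.AppVersion` only; if the chart allows the image tag to be overridden in values (not visible here), the probe path would no longer follow the image actually deployed. The container definition this hunk modifies starts before and ends after the hunk.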
@@ -66,16 +66,19 @@ postgresql:
 podAnnotations: {}
 
-podSecurityContext: {}
-  # fsGroup: 2000
+podSecurityContext:
+  allowPrivilegeEscalation: false
+  fsGroup: 10000
+  capabilities:
+    drop:
+    - ALL
+  seccompProfile:
+    type: RuntimeDefault
 
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
+securityContext:
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 10000
 
 service:
   type: ClusterIP
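Review bot: `allowPrivilegeEscalation` and `capabilities` are container-level SecurityContext fields, not PodSecurityContext fields, so placing them under `podSecurityContext` means they are rendered at the pod level (the snapshot hunk shows them in the `securityContext` block next to `serviceAccountName`, not the one next to `resources`); the API server will either reject the manifest under strict field validation or, with older client-side validation, silently drop them, so neither the capability drop nor the privilege-escalation block actually applies to the hedgedoc container. Moving those two settings under `securityContext` keeps `fsGroup` and `seccompProfile` at pod level and makes the hardening effective; the README and snapshot hunks would then need regenerating to match. The chosen uid 10000 for `runAsUser`/`fsGroup` is presumably meant to match the user in the upstream image, and `readOnlyRootFilesystem: true` assumes every path HedgeDoc writes to is backed by a volume — neither is visible in this diff and both are worth confirming before release.
```yaml
podSecurityContext:
  fsGroup: 10000
  seccompProfile:
    type: RuntimeDefault

securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 10000
# … unchanged: service block …
```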