diff --git a/Dockerfile b/Dockerfile
index 23313e1161418fc52a2bb50187eba67cafc01b24..fa267d111c5a17bb6a5af7567fdcd859b481743c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM nextcloud:19.0.8-fpm
+FROM nextcloud:19.0.9-fpm
 ARG BASE_DIR="/usr/src/nextcloud"
 ARG TMP_PATCH_DIR="/tmp/build_patches"
 ARG THEME_VERSION="19.0.8.2"
@@ -6,12 +6,15 @@ ARG NEWS_VERSION="14.2.2"
 ARG QUOTA_WARN_VERSION="1.8.0"
 ARG CARNET_VERSION="0.23.7"
 ARG NOTES_VERSION="3.6.4"
+ARG CONTACTS_VERSION="3.4.3"
+ARG CALENDAR_VERSION="2.0.5"
+ARG USER_BACKEND_RAW_SQL_VERSION="1.0.12"
 
 RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images
 COPY patches/ ${TMP_PATCH_DIR}/
 COPY custom_entrypoint.sh /
 RUN chmod +x /custom_entrypoint.sh
-RUN sed -i 's/19,0,8,1/19,0,8,6/' ${BASE_DIR}/version.php
+RUN sed -i 's/19,0,9,1/19,0,9,3/' ${BASE_DIR}/version.php
 
 # Custom apps
 RUN curl -fsSL -o news.tar.gz \
@@ -34,15 +37,36 @@ RUN curl -fsSL -o notes.tar.gz \
     tar -xf notes.tar.gz -C ${BASE_DIR}/custom_apps/ && \
     rm notes.tar.gz;
 
+RUN curl -fsSL -o contacts.tar.gz \
+    "https://github.com/nextcloud/contacts/releases/download/v${CONTACTS_VERSION}/contacts.tar.gz" && \
+    tar -xf contacts.tar.gz -C ${BASE_DIR}/custom_apps/ && \
+    rm contacts.tar.gz;
+
+RUN curl -fsSL -o calendar.tar.gz \
+    "https://github.com/nextcloud/calendar/releases/download/v${CALENDAR_VERSION}/calendar.tar.gz" && \
+    tar -xf calendar.tar.gz -C ${BASE_DIR}/custom_apps/ && \
+    rm calendar.tar.gz;
+
+RUN curl -fsSL -o user_backend_sql_raw.tar.gz \
+    "https://github.com/PanCakeConnaisseur/user_backend_sql_raw/releases/download/v${USER_BACKEND_RAW_SQL_VERSION}/user_backend_sql_raw.tar.gz" && \
+    tar -xf user_backend_sql_raw.tar.gz -C ${BASE_DIR}/custom_apps/ && \
+    rm user_backend_sql_raw.tar.gz;
+
 # Patches
 #RUN patch -u ${BASE_DIR}/core/signature.json -i ${TMP_PATCH_DIR}/001-sha512-signature.patch
 RUN patch -u ${BASE_DIR}/core/Controller/LoginController.php -i ${TMP_PATCH_DIR}/002-login-without-domain.patch
 RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch
 RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch
-RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak.patch
+RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch
+RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-custom-app.patch
 RUN patch -u ${BASE_DIR}/custom_apps/notes/lib/Service/NoteUtil.php -i ${TMP_PATCH_DIR}/006-notes-url-fix.patch
 RUN rm -rf ${TMP_PATCH_DIR}
 
+# autocomplete leak tweak apps frontend with sed, disable group suggestion
+
+RUN cd ${BASE_DIR}/custom_apps/contacts && sed -i 's/"GROUP","INDIVIDUAL"/"INDIVIDUAL"/g' js/contacts-main.js
+RUN cd ${BASE_DIR}/custom_apps/calendar && sed -i 's/"GROUP","INDIVIDUAL"/"INDIVIDUAL"/g' js/calendar.js
+
 # Custom theme
 RUN curl -fsSL -o eelo-theme.tar.gz \
     "https://gitlab.e.foundation/e/infra/nextcloud-theme/-/archive/${THEME_VERSION}/nextcloud-theme-${THEME_VERSION}.tar.gz" && \
diff --git a/custom_entrypoint.sh b/custom_entrypoint.sh
index 1732ca15d933e954b92f011ab57f057d19a4ea0b..5669605d1a928b31b4b40a3ecd77f1755119dfda 100644
--- a/custom_entrypoint.sh
+++ b/custom_entrypoint.sh
@@ -10,6 +10,9 @@ rsync $rsync_options --include "/news/" --exclude '/*' $SRC_DIR/custom_apps/ $DS
 rsync $rsync_options --include "/notes/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
 rsync $rsync_options --include "/quota_warning/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
 rsync $rsync_options --include "/carnet/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
+rsync $rsync_options --include "/calendar/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
+rsync $rsync_options --include "/contacts/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
+rsync $rsync_options --include "/user_backend_sql_raw/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
 
 rsync $rsync_options --include "/eelo/" --exclude '/*' $SRC_DIR/themes/ $DST_DIR/themes/
 
diff --git a/patches/005-autocomplete-user-leak.patch b/patches/005-autocomplete-user-leak-core.patch
similarity index 86%
rename from patches/005-autocomplete-user-leak.patch
rename to patches/005-autocomplete-user-leak-core.patch
index 6bc2becb6e4c4bca2587cda2358d75de855c1136..c89672620b6a6c64075f9cdf02c574c69acad98e 100644
--- a/patches/005-autocomplete-user-leak.patch
+++ b/patches/005-autocomplete-user-leak-core.patch
@@ -1,25 +1,5 @@
---- lib/private/User/Database.php	2021-01-25 15:56:05.000000000 +0100
-+++ lib/private/User/Database-new.php	2021-02-16 14:54:37.161624233 +0100
-@@ -284,7 +284,7 @@
- 		$result = $query->execute();
- 		$displayNames = [];
- 		while ($row = $result->fetch()) {
--			$displayNames[(string)$row['uid']] = (string)$row['displayname'];
-+			$displayNames[(string)$row['uid']] = (string)$row['uid'];
- 		}
- 
- 		return $displayNames;
 --- lib/private/Collaboration/Collaborators/UserPlugin.php	2021-01-25 15:56:05.000000000 +0100
 +++ lib/private/Collaboration/Collaborators/UserPlugin-new.php	2021-02-16 14:56:26.778152834 +0100
-@@ -92,7 +92,7 @@
- 			}
- 		} else {
- 			// Search in all users
--			$usersTmp = $this->userManager->searchDisplayName($search, $limit, $offset);
-+			$usersTmp = $this->userManager->search($search, $limit, $offset);
- 			foreach ($usersTmp as $user) {
- 				if ($user->isEnabled()) { // Don't keep deactivated users
- 					$users[$user->getUID()] = $user;
 @@ -114,7 +114,7 @@
  			$uid = (string) $uid;
  			if (
diff --git a/patches/005-autocomplete-user-leak-custom-app.patch b/patches/005-autocomplete-user-leak-custom-app.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5455ba660c30fdf259898ae0a35e268413a8a5b0
--- /dev/null
+++ b/patches/005-autocomplete-user-leak-custom-app.patch
@@ -0,0 +1,12 @@
+--- user_backend_sql_raw/lib/UserBackend.php	2020-10-06 01:56:49.000000000 +0200
++++ user_backend_sql_raw/lib/UserBackend-new.php	2021-03-02 15:43:12.615868478 +0100
+@@ -108,7 +108,8 @@
+ 		// Because MariaDB can not handle string parameters for LIMIT/OFFSET we have to bind the
+ 		// values "manually" instead of passing an array to execute(). This is another instance of
+ 		// MariaDB making the code "uglier".
+-		$statement->bindValue(':search', '%' . $searchString . '%', \PDO::PARAM_STR);
++		$statement->bindValue(':search', $searchString , \PDO::PARAM_STR);
++
+ 		if (isset($limit)) {
+ 			$statement->bindValue(':limit', intval($limit), \PDO::PARAM_INT);
+ 		}
\ No newline at end of file