diff --git a/docker-compose.yml b/docker-compose.yml
index 1d50c47..d732ffe 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -38,4 +38,4 @@ services:
       - elasticsearch
       - minio
     ports:
-      - 8080:8080
+      - 8080:8080
\ No newline at end of file
diff --git a/docs/conf.py b/docs/conf.py
index 2875f7e..5f0a01b 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -26,7 +26,7 @@
 master_doc = 'index'
 
 # The full version, including alpha/beta/rc tags
-release = '4.0.0'
+release = '4.0.9'
 
 
 # -- General configuration ---------------------------------------------------
diff --git a/docs/configuration.rst b/docs/configuration.rst
index 3f81e61..d4297d2 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -153,11 +153,13 @@ LDAP Configuration
 Storage Configuration
 ---------------------
 
+If aws s3 environment is used and s3.access_key and s3.secret_key are not defined, credentials will be taken according to the `aws default credential provider chain <https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html>`_.
+
   s3.access_key
-    This is the access key for the S3 bucket. Required.
+    This is the access key for the S3 bucket. Required (Optional if using AWS).
 
   s3.secret_key
-    This is the secret key for the S3 bucket. Required.
+    This is the secret key for the S3 bucket. Required (Optional if using AWS).
 
   s3.region
     This is the region that the S3 bucket is located in. Required.
diff --git a/gradle.properties b/gradle.properties
index fd98467..0d4453e 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,5 +1,5 @@
-version=4.0.8b
+version=4.0.9
 group=org.openmbee.mms
 
-mmsVersion=4.0.8
+mmsVersion=4.0.9
 springBootVersion=2.6.7
diff --git a/openapi/api-docs.yaml b/openapi/api-docs.yaml
index a473231..1578662 100644
--- a/openapi/api-docs.yaml
+++ b/openapi/api-docs.yaml
@@ -5,7 +5,7 @@ info:
   license:
     name: Apache 2.0
     url: http://www.apache.org/licenses/LICENSE-2.0.txt
-  version: 4.0.4
+  version: 4.0.9
   contact:
     name: OpenMBEE
     url: http://openmbee.org
diff --git a/openapi/doc-config.json b/openapi/doc-config.json
index cf897be..e21c7d0 100644
--- a/openapi/doc-config.json
+++ b/openapi/doc-config.json
@@ -3,5 +3,5 @@
     "invokerPackage": "org.openmbee.mms",
     "groupId": "org.openmbee.mms",
     "artifactId": "mms-client",
-    "artifactVersion": "4.0.4"
+    "artifactVersion": "4.0.9"
 }
diff --git a/openapi/java-config.json b/openapi/java-config.json
index 7b0fe84..7002eae 100644
--- a/openapi/java-config.json
+++ b/openapi/java-config.json
@@ -1,7 +1,7 @@
 {
     "groupId": "org.openmbee.mms",
     "artifactId": "mms-java-client",
-    "artifactVersion": "4.0.4",
+    "artifactVersion": "4.0.9",
     "artifactUrl": "https://github.com/Open-MBEE/mms",
     "artifactDescription": "Java OpenAPI Client for MMS",
     "library": "jersey2",
diff --git a/openapi/python-config.json b/openapi/python-config.json
index 3f9c2e3..76ec1f2 100644
--- a/openapi/python-config.json
+++ b/openapi/python-config.json
@@ -1,5 +1,5 @@
 {
     "packageName": "mms_python_client",
     "projectName": "mms-python-client",
-    "packageVersion": "4.0.4"
+    "packageVersion": "4.0.9"
 }
diff --git a/src/main/java/org/openmbee/mms/mmsri/MMSRIApplication.java b/src/main/java/org/openmbee/mms/mmsri/MMSRIApplication.java
index dbf4c01..b7f057f 100644
--- a/src/main/java/org/openmbee/mms/mmsri/MMSRIApplication.java
+++ b/src/main/java/org/openmbee/mms/mmsri/MMSRIApplication.java
@@ -13,7 +13,7 @@
 @OpenAPIDefinition(
     info = @Info(
         title = "MMS Reference Implementation API",
-        version = "4.0.4",
+        version = "4.0.9",
         description = "Documentation for MMS API",
         license = @License(name = "Apache 2.0", url = "http://www.apache.org/licenses/LICENSE-2.0.txt")
     ),
diff --git a/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java b/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java
index 36c57d2..c73fd40 100644
--- a/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java
+++ b/src/main/java/org/openmbee/mms/mmsri/config/SecurityConfig.java
@@ -33,6 +33,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter implements
     @Value("${mms.hsts.enabled:false}")
     private boolean hsts;
 
+    @Value("${cors.allowed.origins:*}")
+    private String allowedOrigins;
+
     @Autowired
     AuthSecurityConfig authSecurityConfig;
 
@@ -77,14 +80,16 @@ public void addCorsMappings(CorsRegistry registry) {
                 .allowedMethods("*")
                 .allowCredentials(true)
                 .maxAge(3600L)
-                .allowedOriginPatterns("*");
+                .allowedOriginPatterns(allowedOrigins.split(","));
     }
 
     private CorsFilter corsFilter() {
         UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
         CorsConfiguration config = new CorsConfiguration();
         config.setAllowCredentials(true);
-        config.addAllowedOriginPattern("*");
+        for (String origin: allowedOrigins.split(",")) {
+            config.addAllowedOriginPattern(origin);
+        }
         config.addAllowedHeader("*");
         config.addAllowedMethod("*");
         config.setMaxAge(3600L);
diff --git a/src/main/resources/application.properties.example b/src/main/resources/application.properties.example
index 43c9c54..35dcc73 100644
--- a/src/main/resources/application.properties.example
+++ b/src/main/resources/application.properties.example
@@ -4,6 +4,8 @@ mms.admin.username=test
 mms.admin.password=test
 mms.stream.batch.size=100000
 
+cors.allowed.origins=*
+
 # jwt issued by mms for logins via /authentication
 jwt.secret=make_me_something_really_long
 jwt.expiration=86400