diff --git a/CHANGELOG.md b/CHANGELOG.md index 4ebf627..c154537 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,16 @@ # CHANGELOG +## v8.5.1 + +* Fixed undefined variable warning message +* Changed app.json.sample default values +* Updated README.md +* Added `update.sh` script +* Internal plugin views can now be hidden +* Fix utility plugin 500 error when trying to export data for user that doesn't exist + ## v8.5 + * Fixed an issue with IDs not generated correctly for project items. * Added functionality to delete and edit project items. * Adding users to a project has been made easier. diff --git a/README.md b/README.md index e9172e7..e1cb3ed 100644 --- a/README.md +++ b/README.md 
@@ -61,11 +61,43 @@ Simply install the software by following these steps: - Create a new database, e.g. with the name `ab` and create a dedicated user, login (`mysql -u root -p`) then e.g. `timetool`: `CREATE DATABASE ab;` and `CREATE USER 'timetool'@'localhost' IDENTIFIED BY 'yourpassword';` and `GRANT ALL PRIVILEGES ON ab.* TO 'timetool'@'localhost';` don't forget to `FLUSH PRIVILEGES;`! - Configure `app.json` (see below - required changes: `base_url`, `db_user`, `db_password`, `smtp` section and any other if your installation is different) then `mv api/v1/inc/app.json.sample app.json && cd /var/www/timetrack` - Run DB migrations: `vendor/bin/phinx migrate` -- Start webserver e.g. `service apache2 stop && php -S 0.0.0.0:80` or using apache2 (then you have to configure the `sites-available` conf yourself) -- You can then access TimeTrack in your browser at `http://localhost`, default login is `admin` with password `admin`. Create yourself a new admin account, login and delete the default account afterwards. +- Follow "Use with ..." guides + +#### Use with apache2.4 + +- Create a new virtual host: `sudo nano /etc/apache2/sites-available/timetrack.conf` +- Content: + +```conf + + ServerName timetrack.yourdomain.de + DocumentRoot /var/www/timetrack + + + AllowOverride All + Require all granted + + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + +``` + +- Enable site and module: `sudo a2ensite timetrack && a2enmod rewrite` + +#### Use with PHP development server + +- Start server: `cd /var/www/timetrack && php -S 0.0.0.0:80` + +#### Finalize + +You can now access TimeTrack in your browser at `http://localhost`, default login is `admin` with password `admin`. Create yourself a new admin account, login and delete the default account afterwards. To save log files, please create the subfolder `data/logs` and make it writeable to the web server (e.g. `chown www-data:www-data data/logs && chmod 775 data/logs`). 
-Please also make sure that the `/data` directory is writable by the webserver, aswell as the plugins directory (default: `api/v1/class/plugins/plugins`). +Please also make sure that the `/data` directory is writable by the webserver, aswell as the plugins directory (default: `api/v1/class/plugins/plugins`). The `/api/v1/toil/permissions.json` also needs to be writeable by the webserver. + +**You can run the `update.sh` script to update your instance: `sudo sh update.sh`** ### Configure app.json @@ -225,6 +257,9 @@ The theme the user selected is saved as a cookie, meaning it is only selected on ## Updates TimeTrack has to be updated in two ways: database and application. +A full update on linux based machines can also be performed by executing the `update.sh` file inside the root directory. In any other cases follow the steps below: + +If you were seeking assistance and were asked to try out the changes in a branch, please execute this command inside the timetrack root directory: `git fetch && git checkout BRANCH` - replace BRANCH with the actual branch name, e.g. TT-24 or develop. ### Application diff --git a/VERSION b/VERSION index 188c409..f9c71a5 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.5 +8.5.1 diff --git a/api/v1/class/benutzer/benutzer.arbeit.inc.php b/api/v1/class/benutzer/benutzer.arbeit.inc.php index 7b567a0..d7dd5df 100644 --- a/api/v1/class/benutzer/benutzer.arbeit.inc.php +++ b/api/v1/class/benutzer/benutzer.arbeit.inc.php 
@@ -410,12 +410,15 @@ public function loadUserTheme() $themes = scandir($_SERVER["DOCUMENT_ROOT"] . "/assets/css"); $themes = array_diff($themes, [".", ".."]); + if(!isset($_COOKIE["theme"])){ + return "/assets/css/v8.css"; + } $check = in_array($_COOKIE["theme"], $themes); if ($this->get_app_ini()["general"]["force_theme"] == "true") { return $this->get_app_ini()["general"]["theme_file"]; } - if (!isset($_COOKIE["theme"]) || !$check) { + if (!$check) { return "/assets/css/v8.css"; } else { return "/assets/css/" . $_COOKIE["theme"]; @@ -446,7 +449,7 @@ public function setUserTheme($theme) public function checkThemeForce() { - if ($this->get_app_ini()["general"]["force_theme"] == "true" || $this->get_app_ini()["general"]["force_theme"] == true) { + if ($this->get_app_ini()["general"]["force_theme"] == true) { return true; } else { return false; diff --git a/api/v1/class/plugins/PluginBuilder.plugins.arbeit.inc.php b/api/v1/class/plugins/PluginBuilder.plugins.arbeit.inc.php index 772a853..51c2963 100644 --- a/api/v1/class/plugins/PluginBuilder.plugins.arbeit.inc.php +++ b/api/v1/class/plugins/PluginBuilder.plugins.arbeit.inc.php @@ -255,11 +255,12 @@ final public function checkPluginPermissions($pluginName, $view, $user): bool if (isset($permissions['nav_permissions'][$viewName])) { $requiredPermission = $permissions['nav_permissions'][$viewName]; $this->logger("{$la} Required permission for view '{$viewName}': '{$requiredPermission}'"); - if ($requiredPermission === 5 && $userPermissions === $adminLevel) { - $this->logger("{$la} View '{$viewName}' is marked as internal placeholder. Skipping."); - return true; + if ($requiredPermission === 5) { + $this->logger("{$la} View '{$viewName}' has permission level 5 (internal placeholder). Access denied."); + return false; } + if ($requiredPermission === $adminLevel && $userPermissions === $adminLevel) { $this->logger("{$la} User '{$user}' has admin permissions for view '{$viewName}'. Access granted."); return true; 
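Review bot: The new `if(!isset($_COOKIE["theme"]))` early return sits above the `force_theme` check, so a visitor without a theme cookie gets `/assets/css/v8.css` even when the configuration forces `theme_file`. Moving the `force_theme` block to the top of the method, before the cookie is read, keeps the forced theme authoritative and still avoids the undefined-index warning. The cookie value is client-controlled and only reaches the returned path after the `in_array` allow-list built from `scandir`, which is the control to keep; passing `true` as the third argument to `in_array` would make that match strict. The method body starts and ends outside the hunk.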
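Review bot: The loose comparison `== true` in `checkThemeForce()` treats any non-empty string as enabled, so an existing `app.json` that still carries the old sample value `"force_theme": "false"` makes this method return true. `loadUserTheme()` in the same file compares with `== "true"`, so the two methods can disagree about the same setting. Parsing the value once, for example `return filter_var($this->get_app_ini()["general"]["force_theme"], FILTER_VALIDATE_BOOLEAN);`, accepts both the boolean and the legacy string forms. The closing lines of the method are outside the hunk.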
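Review bot: The deny branch for internal views only fires on `$requiredPermission === 5`, an integer identity test against an unnamed literal. If a plugin's `nav_permissions` entry is parsed as a string such as `'5'` (the loader is not visible here, so this is an assumption to confirm), the branch is skipped and evaluation falls through to the grant checks below, which continue outside the hunk. Normalising before the test, e.g. `if ((int) $requiredPermission === 5) {`, would keep the rule fail-closed. Naming the value in a class constant, with a comment such as `// level 5 = internal view, never granted through the permission check`, would also make the rule self-explaining.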
diff --git a/api/v1/class/plugins/plugins/utility/plugin.yml b/api/v1/class/plugins/plugins/utility/plugin.yml index 23d7670..31e16b6 100644 --- a/api/v1/class/plugins/plugins/utility/plugin.yml +++ b/api/v1/class/plugins/plugins/utility/plugin.yml @@ -4,7 +4,7 @@ main: Main namespace: utility author: Ente description: 'Export all data from an user and more.' -version: '1.0' +version: '1.1' api: 0.1 permissions: none enabled: true diff --git a/api/v1/class/plugins/plugins/utility/views/download.php b/api/v1/class/plugins/plugins/utility/views/download.php index 96482d7..26f5817 100644 --- a/api/v1/class/plugins/plugins/utility/views/download.php +++ b/api/v1/class/plugins/plugins/utility/views/download.php @@ -16,8 +16,15 @@ $a->benutzer()->current_user_is_admin(); if(!isset($_POST["username"])){ - $main->logger("[utility] Username not found. Aborting export..."); + $main->logger("[utility] Username not found in Request parameters. Aborting export..."); $a->statusMessages()->redirect("error"); + exit(); +} + +if(!$a->benutzer()->user_active($_POST["username"]) == 1){ + $main->logger("[utility] Username not found or user disabled. Aborting export..."); + $a->statusMessages()->redirect("error"); + exit(); } $main->exportAll($_POST["username"])->download(); \ No newline at end of file diff --git a/api/v1/inc/app.json.sample b/api/v1/inc/app.json.sample index 785dbba..e4b05bf 100644 --- a/api/v1/inc/app.json.sample +++ b/api/v1/inc/app.json.sample @@ -7,9 +7,9 @@ "auto_update": "false", "timezone": "UTC", "theme_file": "/assets/css/v8.css", - "force_theme": "false", + "force_theme": false, "demo": false, - "telemetry": "enabled", + "telemetry": "disabled", "telemetry_server_url": "https://telemetry.openducks.org/timetrack/submit" }, "mysql": { diff --git a/composer.json b/composer.json index f518736..4e0b92d 100644 --- a/composer.json +++ b/composer.json 
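Review bot: In the added guard `if(!$a->benutzer()->user_active($_POST["username"]) == 1)` the `!` binds tighter than `==`, so the expression is `(!user_active(...)) == 1`; it rejects only when `user_active()` returns a falsy value and never compares the result with 1. Writing the behaviour directly as `if (!$a->benutzer()->user_active($_POST["username"])) {` reads the same way it executes, and if an exact match on 1 is intended that comparison should be spelled out with parentheses. `$_POST["username"]` is passed to `user_active()` and `exportAll()` without a type check, so an `is_string($_POST["username"])` test next to the `isset` would reject array-valued input before it reaches either call. The return value of `current_user_is_admin()` on the context line is discarded; whether that call ends the request for non-admins is not visible in this hunk and is worth confirming, since this view exports another user's data.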
@@ -3,7 +3,7 @@
 "description": "TimeTrack is a PHP-written time recording tool for small businesses",
 "type": "software",
 "license": "GNU GPL",
- "version": "8.5",
+ "version": "8.5.1",
 "authors": [
 {
 "name": "Bryan Boehnke-Avan",
diff --git a/suite/users/settings.php b/suite/users/settings.php
index 94d8e0a..a8c9b3c 100644
--- a/suite/users/settings.php
+++ b/suite/users/settings.php
@@ -64,10 +64,11 @@