diff --git a/server-ce/hotfix/4.0.1/Dockerfile b/server-ce/hotfix/4.0.1/Dockerfile
new file mode 100644
index 0000000000..95d053617c
--- /dev/null
+++ b/server-ce/hotfix/4.0.1/Dockerfile
@@ -0,0 +1,9 @@
+FROM sharelatex/sharelatex:4.0.0
+
+# Patch: Block access to metrics endpoint
+COPY pr_13229_ce_only.patch .
+RUN patch -p0 --directory=/ < pr_13229_ce_only.patch
+
+# Patch: Remove documentation link from editor outline
+COPY outline_doc_icon.patch .
+RUN patch -p0 < outline_doc_icon.patch
diff --git a/server-ce/hotfix/4.0.1/outline_doc_icon.patch b/server-ce/hotfix/4.0.1/outline_doc_icon.patch
new file mode 100644
index 0000000000..847cfde633
--- /dev/null
+++ b/server-ce/hotfix/4.0.1/outline_doc_icon.patch
@@ -0,0 +1,9 @@
+--- services/web/app/views/project/editor/file-tree-react.pug
++++ services/web/app/views/project/editor/file-tree-react.pug
+@@ -38,5 +38,3 @@ aside.editor-sidebar.full-size
+ 				highlighted-line="highlightedLine"
+ 				show="show"
+ 			)
+-
+-	documentation-button
+\ No newline at end of file
diff --git a/server-ce/hotfix/4.0.1/pr_13229_ce_only.patch b/server-ce/hotfix/4.0.1/pr_13229_ce_only.patch
new file mode 100644
index 0000000000..9bb134fbe3
--- /dev/null
+++ b/server-ce/hotfix/4.0.1/pr_13229_ce_only.patch
@@ -0,0 +1,14 @@
+--- etc/nginx/sites-enabled/sharelatex.conf
++++ etc/nginx/sites-enabled/sharelatex.conf
+@@ -4,6 +4,11 @@ server {
+
+ 	root /overleaf/services/web/public/;
+
++	# block external access to prometheus /metrics
++	location /metrics {
++		internal;
++	}
++
+ 	location / {
+ 		proxy_pass http://127.0.0.1:3000;
+ 		proxy_http_version 1.1;