diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index aa10fce5e..55396be7e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -207,7 +207,7 @@ pages:
 
 .docker: &docker
   stage: docker
-  image: docker:20.10.18
+  image: docker:24
   variables:
     DOCKER_TLS_CERTDIR: "/certs"
     DOCKER_HOST: tcp://docker:2376
@@ -215,13 +215,13 @@ pages:
     DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
     DOCKER_DRIVER: overlay2
   services:
-    - docker:20.10.18-dind
+    - docker:24-dind
   cache: {}
   before_script:
     # Install buildx
-    - wget https://github.com/docker/buildx/releases/download/v0.9.1/buildx-v0.9.1.linux-amd64
+    - wget https://github.com/docker/buildx/releases/download/v0.11.2/buildx-v0.11.2.linux-amd64
     - mkdir -p ~/.docker/cli-plugins/
-    - mv buildx-v0.9.1.linux-amd64 ~/.docker/cli-plugins/docker-buildx
+    - mv buildx-v0.11.2.linux-amd64 ~/.docker/cli-plugins/docker-buildx
     - chmod a+x ~/.docker/cli-plugins/docker-buildx
     # Create env
     - docker context create tls-environment
@@ -256,28 +256,17 @@ build-and-push-to-latest-docker-tag:
     - >
       docker buildx build
       --push
-      --platform linux/amd64
-      -t framasoft/mobilizon:$CI_COMMIT_TAG
-      -t framasoft/mobilizon:latest
-      -f docker/production/Dockerfile .
-
-build-and-push-to-latest-docker-tag-cross:
-  <<: *docker
-  rules: &release-tag-rules
-    - if: '$CI_PROJECT_NAMESPACE != "framasoft"'
-      when: never
-    - if: $CI_COMMIT_TAG != null && $CI_COMMIT_TAG !~ /alpha|beta|rc/
-      when: on_success
-  timeout: 3 hours
-  allow_failure: true
-  script:
-    - >
-      docker buildx build
-      --push
-      --platform linux/arm, linux/arm64
+      --platform linux/${ARCH}
+      --build-arg="${ERL_FLAGS}"
       -t framasoft/mobilizon:$CI_COMMIT_TAG
       -t framasoft/mobilizon:latest
       -f docker/production/Dockerfile .
+  parallel:
+    matrix:
+      - ARCH: ["amd64"]
+        ERL_FLAGS: ["ERL_FLAGS="]
+      - ARCH: ["arm64"]
+        ERL_FLAGS: ["ERL_FLAGS=+JMsingle true"]
 
 
 # Don't push to latest when building beta/rc tags
@@ -339,7 +328,7 @@ package-app-dev:
 # Packaging app for multi-arch
 multi-arch-release:
   stage: package
-  image: docker:20.10.21
+  image: docker:24
   variables:
     DOCKER_TLS_CERTDIR: "/certs"
     DOCKER_HOST: tcp://docker:2376
@@ -349,13 +338,13 @@ multi-arch-release:
     APP_ASSET: "${CI_PROJECT_NAME}_${CI_COMMIT_REF_NAME}_${ARCH}.tar.gz"
     OS: debian-buster
   services:
-    - docker:20.10.21-dind
+    - docker:24-dind
   cache: {}
   before_script:
     # Install buildx
-    - wget https://github.com/docker/buildx/releases/download/v0.9.1/buildx-v0.9.1.linux-amd64
+    - wget https://github.com/docker/buildx/releases/download/v0.11.2/buildx-v0.11.2.linux-amd64
     - mkdir -p ~/.docker/cli-plugins/
-    - mv buildx-v0.9.1.linux-amd64 ~/.docker/cli-plugins/docker-buildx
+    - mv buildx-v0.11.2.linux-amd64 ~/.docker/cli-plugins/docker-buildx
     - chmod a+x ~/.docker/cli-plugins/docker-buildx
     # Create env
     - docker context create tls-environment
@@ -364,7 +353,7 @@ multi-arch-release:
     - docker pull tonistiigi/binfmt:latest
     - docker run --rm --privileged tonistiigi/binfmt:latest --install all
   script:
-    - docker buildx build --platform linux/${ARCH} --output type=local,dest=releases --build-arg APP_ASSET=${APP_ASSET} -f docker/multiarch/Dockerfile .
+    - docker buildx build --platform linux/${ARCH} --output type=local,dest=releases --build-arg="ERL_FLAGS=+JMsingle true" --build-arg APP_ASSET=${APP_ASSET} -f docker/multiarch/Dockerfile .
     - ls -alh releases/mobilizon/
     - du -sh releases/mobilizon/${APP_ASSET}
     - mv releases/mobilizon/${APP_ASSET} .
@@ -377,7 +366,7 @@ multi-arch-release:
       - erl_crash.dump # if there's a memory issue
   parallel:
     matrix:
-      - ARCH: ["arm", "arm64"]
+      - ARCH: ["arm64"]
   rules:
     - if: '$CI_COMMIT_TAG != null || $CI_PIPELINE_SOURCE == "schedule" || $CI_PIPELINE_TRIGGERED == "true"'
   timeout: 3h
diff --git a/docker/multiarch/Dockerfile b/docker/multiarch/Dockerfile
index d4e3d0d72..80d6ae1e8 100644
--- a/docker/multiarch/Dockerfile
+++ b/docker/multiarch/Dockerfile
@@ -4,6 +4,11 @@ ENV MIX_ENV prod
 # ENV LANG en_US.UTF-8
 ARG APP_ASSET
 
+# Fix qemu segfault on arm64
+# See https://github.com/plausible/analytics/pull/2879 and https://github.com/erlang/otp/pull/6340
+ARG ERL_FLAGS=""
+ENV ERL_FLAGS=$ERL_FLAGS
+
 # Set the right versions
 ENV ELIXIR_VERSION latest
 ENV ERLANG_VERSION latest
diff --git a/docker/production/Dockerfile b/docker/production/Dockerfile
index 1b5370e5b..a77e01c88 100644
--- a/docker/production/Dockerfile
+++ b/docker/production/Dockerfile
@@ -12,6 +12,11 @@ RUN yarn install --network-timeout 100000 \
 # Then, build the application binary
 FROM elixir:1.14-alpine AS builder
 
+# Fix qemu segfault on arm64
+# See https://github.com/plausible/analytics/pull/2879 and https://github.com/erlang/otp/pull/6340
+ARG ERL_FLAGS=""
+ENV ERL_FLAGS=$ERL_FLAGS
+
 RUN apk add --no-cache build-base git cmake
 
 COPY mix.exs mix.lock ./