diff --git a/net/xapsd/Makefile b/net/xapsd/Makefile
index 9ccc74440115..fb9abe292ffd 100644
--- a/net/xapsd/Makefile
+++ b/net/xapsd/Makefile
@@ -1,61 +1,58 @@
 PORTNAME=	xapsd
-DISTVERSION=	g20231019
-PORTREVISION=	1
+DISTVERSION=	g20240326
 CATEGORIES=	net
 
 MAINTAINER=	PopularMoment@protonmail.com
 COMMENT=	Apple push notifications daemon for dovecot
 WWW=		https://github.com/freswa/dovecot-xaps-daemon
 
 LICENSE=	MIT
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
-DEPRECATED=	Requires deprecated lang/go19
-EXPIRATION_DATE=	2024-04-24
-
-# must use 1.19 due to https://github.com/freswa/dovecot-xaps-daemon/issues/24
-USES=		go:1.19,modules
+USES=		go:modules
 USE_RC_SUBR=	xapsd
 USE_GITHUB=	yes
 GH_ACCOUNT=	freswa
 GH_PROJECT=	dovecot-xaps-daemon
-GH_TAGNAME=	836a75b
+GH_TAGNAME=	1e589be
 
 GH_TUPLE=	freswa:go-plist:900e8a7d907d:freswa_go_plist/vendor/github.com/freswa/go-plist \
 		fsnotify:fsnotify:v1.6.0:fsnotify_fsnotify/vendor/github.com/fsnotify/fsnotify \
 		go-ini:ini:v1.67.0:go_ini_ini/vendor/gopkg.in/ini.v1 \
 		go-yaml:yaml:v3.0.1:go_yaml_yaml/vendor/gopkg.in/yaml.v3 \
 		golang-jwt:jwt:v4.5.0:golang_jwt_jwt_v4/vendor/github.com/golang-jwt/jwt/v4 \
 		golang:exp:7918f672742d:golang_exp/vendor/golang.org/x/exp \
 		golang:net:v0.17.0:golang_net/vendor/golang.org/x/net \
 		golang:sys:v0.13.0:golang_sys/vendor/golang.org/x/sys \
 		golang:text:v0.13.0:golang_text/vendor/golang.org/x/text \
 		hashicorp:hcl:v1.0.0:hashicorp_hcl/vendor/github.com/hashicorp/hcl \
 		julienschmidt:httprouter:v1.3.0:julienschmidt_httprouter/vendor/github.com/julienschmidt/httprouter \
 		magiconair:properties:v1.8.7:magiconair_properties/vendor/github.com/magiconair/properties \
 		mitchellh:mapstructure:v1.5.0:mitchellh_mapstructure/vendor/github.com/mitchellh/mapstructure \
 		pelletier:go-toml:v2.1.0:pelletier_go_toml_v2/vendor/github.com/pelletier/go-toml/v2 \
 		sagikazarmark:locafero:v0.3.0:sagikazarmark_locafero/vendor/github.com/sagikazarmark/locafero \
 		sagikazarmark:slog-shim:v0.1.0:sagikazarmark_slog_shim/vendor/github.com/sagikazarmark/slog-shim \
 		sideshow:apns2:v0.23.0:sideshow_apns2/vendor/github.com/sideshow/apns2 \
 		sirupsen:logrus:v1.9.3:sirupsen_logrus/vendor/github.com/sirupsen/logrus \
 		sourcegraph:conc:v0.3.0:sourcegraph_conc/vendor/github.com/sourcegraph/conc \
 		spf13:afero:v1.10.0:spf13_afero/vendor/github.com/spf13/afero \
 		spf13:cast:v1.5.1:spf13_cast/vendor/github.com/spf13/cast \
 		spf13:jwalterweatherman:v1.1.0:spf13_jwalterweatherman/vendor/github.com/spf13/jwalterweatherman \
 		spf13:pflag:v1.0.5:spf13_pflag/vendor/github.com/spf13/pflag \
 		spf13:viper:v1.17.0:spf13_viper/vendor/github.com/spf13/viper \
 		subosito:gotenv:v1.6.0:subosito_gotenv/vendor/github.com/subosito/gotenv \
 		uber-go:atomic:v1.11.0:uber_go_atomic/vendor/go.uber.org/atomic \
 		uber-go:multierr:v1.11.0:uber_go_multierr/vendor/go.uber.org/multierr
 
 GO_TARGET=	./cmd/xapsd:${PREFIX}/sbin/xapsd
 
 USERS=		${PORTNAME}
 GROUPS=		${PORTNAME}
 
+PORTSCOUT=	ignore:1
+
 post-install:
 		${MKDIR} ${STAGEDIR}${PREFIX}/etc/xapsd
 		${INSTALL_DATA} ${WRKSRC}/configs/xapsd/xapsd.yaml ${STAGEDIR}${PREFIX}/etc/xapsd/xapsd.yaml.sample
 
 .include <bsd.port.mk>
diff --git a/net/xapsd/distinfo b/net/xapsd/distinfo
index 220616037c02..741a85ef7df7 100644
--- a/net/xapsd/distinfo
+++ b/net/xapsd/distinfo
@@ -1,57 +1,57 @@
-TIMESTAMP = 1698718840
-SHA256 (freswa-dovecot-xaps-daemon-g20231019-836a75b_GH0.tar.gz) = 806a6b32a7b872a140c68421719c93c65bc3205e6e86800dd36c2e5ade2954d0
-SIZE (freswa-dovecot-xaps-daemon-g20231019-836a75b_GH0.tar.gz) = 109537
+TIMESTAMP = 1712416748
+SHA256 (freswa-dovecot-xaps-daemon-g20240326-1e589be_GH0.tar.gz) = 1e6c019df01f9c54e4499537678fbebf83270a39570c24677b41b93ed2022e17
+SIZE (freswa-dovecot-xaps-daemon-g20240326-1e589be_GH0.tar.gz) = 110569
 SHA256 (freswa-go-plist-900e8a7d907d_GH0.tar.gz) = 2b4a06b8805bc1436ab8f34d6fd140645a0a01ccaf9f4b3a7dc3e0e35f5a2e88
 SIZE (freswa-go-plist-900e8a7d907d_GH0.tar.gz) = 47675
 SHA256 (fsnotify-fsnotify-v1.6.0_GH0.tar.gz) = 583b2b399709d04807c5c3185e7d4dc0543d532af91fdeb85eeaf803a0b7703b
 SIZE (fsnotify-fsnotify-v1.6.0_GH0.tar.gz) = 46044
 SHA256 (go-ini-ini-v1.67.0_GH0.tar.gz) = 06ba51234140118d1b6064f1817aa89cc971c6e7ce04cb9d286e6660d89296c8
 SIZE (go-ini-ini-v1.67.0_GH0.tar.gz) = 53531
 SHA256 (go-yaml-yaml-v3.0.1_GH0.tar.gz) = cf05411540d3e6ef8f1fd88434b34f94cedaceb540329031d80e23b74540c4e5
 SIZE (go-yaml-yaml-v3.0.1_GH0.tar.gz) = 91173
 SHA256 (golang-jwt-jwt-v4.5.0_GH0.tar.gz) = 00b1cc127cba09b4e4ea9efa5c0f18a36bb55e08b5eec0a222b8e1599a938077
 SIZE (golang-jwt-jwt-v4.5.0_GH0.tar.gz) = 53049
 SHA256 (golang-exp-7918f672742d_GH0.tar.gz) = b95b3ce3e29ce58fb69a562d1e0ad092086f5acbe8258e7288a313c9f354f9ed
 SIZE (golang-exp-7918f672742d_GH0.tar.gz) = 1634283
 SHA256 (golang-net-v0.17.0_GH0.tar.gz) = 8cbbc0df17599834c9f547d802045b279724a3931f3cdb92c02d141214fd80c4
 SIZE (golang-net-v0.17.0_GH0.tar.gz) = 1456230
 SHA256 (golang-sys-v0.13.0_GH0.tar.gz) = 8877d20a8f1b2533ddef00e65b6b3b9cebbcbffa319ed525df0bc229f583e2b6
 SIZE (golang-sys-v0.13.0_GH0.tar.gz) = 1442250
 SHA256 (golang-text-v0.13.0_GH0.tar.gz) = c6e22ff8280188539ba0a6c65cbc80cda877adcf5332651fa78044018c05d6af
 SIZE (golang-text-v0.13.0_GH0.tar.gz) = 8967009
 SHA256 (hashicorp-hcl-v1.0.0_GH0.tar.gz) = 50632428210503070fd2fde748c88b7414bf84a6a0eadebf9d8e596a033bead2
 SIZE (hashicorp-hcl-v1.0.0_GH0.tar.gz) = 70658
 SHA256 (julienschmidt-httprouter-v1.3.0_GH0.tar.gz) = 2999dffc23f8ac3872ea37d108ddec0ba570d2780a42876300bdcdb0744908e2
 SIZE (julienschmidt-httprouter-v1.3.0_GH0.tar.gz) = 23889
 SHA256 (magiconair-properties-v1.8.7_GH0.tar.gz) = 09e950df1970975400edc7f6c2f9e3edace4e1ea49f823006387d130fb0f4f03
 SIZE (magiconair-properties-v1.8.7_GH0.tar.gz) = 31425
 SHA256 (mitchellh-mapstructure-v1.5.0_GH0.tar.gz) = 81106cbac93000812c194b4a2069dd32913ec18819b1e99e8436595ce4939413
 SIZE (mitchellh-mapstructure-v1.5.0_GH0.tar.gz) = 30123
 SHA256 (pelletier-go-toml-v2.1.0_GH0.tar.gz) = ee61dae04dfb61262f2ab5c1b55dabaec8acb74f9513e4729b72511479eb9fd1
 SIZE (pelletier-go-toml-v2.1.0_GH0.tar.gz) = 899401
 SHA256 (sagikazarmark-locafero-v0.3.0_GH0.tar.gz) = babb395f253048afda2bd17a91750cf7f2dcb28c1d870f10a01d6d37531d2eeb
 SIZE (sagikazarmark-locafero-v0.3.0_GH0.tar.gz) = 23726
 SHA256 (sagikazarmark-slog-shim-v0.1.0_GH0.tar.gz) = a594ec7e138265768a5c23f8ab460724d8215db45dc1bddde4743bca3373803d
 SIZE (sagikazarmark-slog-shim-v0.1.0_GH0.tar.gz) = 10872
 SHA256 (sideshow-apns2-v0.23.0_GH0.tar.gz) = 5ad9b2fb211ac9ae9040e09ba5b3b2c74189826e778f874b99aeb174ad22a1ea
 SIZE (sideshow-apns2-v0.23.0_GH0.tar.gz) = 1264203
 SHA256 (sirupsen-logrus-v1.9.3_GH0.tar.gz) = cfa48a647a28c1f12fb6a9b672bc4d88b6407ff05aedcf23ce939d342646acce
 SIZE (sirupsen-logrus-v1.9.3_GH0.tar.gz) = 50320
 SHA256 (sourcegraph-conc-v0.3.0_GH0.tar.gz) = c20a36ef6e8cd4721b8824d3e0a590d78f56ce72ace53ec7fdd2f7a978e9240f
 SIZE (sourcegraph-conc-v0.3.0_GH0.tar.gz) = 23021
 SHA256 (spf13-afero-v1.10.0_GH0.tar.gz) = 4a35513ee4da7c1e38d0abd67fe541c15abe21b45e521498060c565d88213950
 SIZE (spf13-afero-v1.10.0_GH0.tar.gz) = 94857
 SHA256 (spf13-cast-v1.5.1_GH0.tar.gz) = 445aa5b0e61b67ccd0d14fe38cd473d73775f1bec4b58fe83b16e3b0cab08a9a
 SIZE (spf13-cast-v1.5.1_GH0.tar.gz) = 15524
 SHA256 (spf13-jwalterweatherman-v1.1.0_GH0.tar.gz) = 4fd850a792c5738954c4801cf549d8d0bf53edd17139cd39d179aa5abf7ec68d
 SIZE (spf13-jwalterweatherman-v1.1.0_GH0.tar.gz) = 6871
 SHA256 (spf13-pflag-v1.0.5_GH0.tar.gz) = 9a2cae1f8e8ab0d2cc8ebe468e871af28d9ac0962cf0520999e3ba85f0c7b808
 SIZE (spf13-pflag-v1.0.5_GH0.tar.gz) = 50796
 SHA256 (spf13-viper-v1.17.0_GH0.tar.gz) = 7f5476e4333a29e6fd5d277f5f9c7c5e234e802419059c6d6b088108e7627358
 SIZE (spf13-viper-v1.17.0_GH0.tar.gz) = 127661
 SHA256 (subosito-gotenv-v1.6.0_GH0.tar.gz) = 51a5a8e36f30ddd97866779e93c4e93b0d4958a60fabd1d17fc2226bfe7823db
 SIZE (subosito-gotenv-v1.6.0_GH0.tar.gz) = 11470
 SHA256 (uber-go-atomic-v1.11.0_GH0.tar.gz) = cfe258c20d71ac4dbf0f716a23ed00c332b7f281180651e2a67ad40a8b0772cc
 SIZE (uber-go-atomic-v1.11.0_GH0.tar.gz) = 24299
 SHA256 (uber-go-multierr-v1.11.0_GH0.tar.gz) = 8aa599cf7de733306cf8770f854f8a38e6c819b1ae4296f15e44b1e7c6698f34
 SIZE (uber-go-multierr-v1.11.0_GH0.tar.gz) = 16900
diff --git a/net/xapsd/files/0001-fix-apple-ignore-malformed-HTTP-headers.patch b/net/xapsd/files/0001-fix-apple-ignore-malformed-HTTP-headers.patch
new file mode 100644
index 000000000000..60ffc0dfb039
--- /dev/null
+++ b/net/xapsd/files/0001-fix-apple-ignore-malformed-HTTP-headers.patch
@@ -0,0 +1,99 @@
+From 1c52af3a7cc168cec089a810c32e861ab988840c Mon Sep 17 00:00:00 2001
+From: Leon Klingele <git@leonklingele.de>
+Date: Wed, 13 Mar 2024 22:12:25 +0100
+Subject: [PATCH] fix(apple): ignore malformed HTTP headers
+
+See also https://github.com/golang/go/issues/21290.
+
+Fixes https://github.com/freswa/dovecot-xaps-daemon/issues/24.
+---
+ pkg/apple_xserver_certs/http.go | 51 ++++++++++++++++++++++++++++++---
+ 1 file changed, 47 insertions(+), 4 deletions(-)
+
+diff --git a/pkg/apple_xserver_certs/http.go b/pkg/apple_xserver_certs/http.go
+index d39a6fc..939fcf0 100644
+--- a/pkg/apple_xserver_certs/http.go
++++ b/pkg/apple_xserver_certs/http.go
+@@ -1,11 +1,16 @@
+ package apple_xserver_certs
+ 
+ import (
++	"bufio"
+ 	"bytes"
++	"context"
++	"crypto/tls"
+ 	"encoding/pem"
++	"io"
+ 	"io/ioutil"
+ 	"log"
+ 	"net/http"
++	"time"
+ )
+ 
+ func NewCerts(username string, passwordhash string) *Certificates {
+@@ -50,7 +55,6 @@ func handleResponse(certs *Certificates, response []byte) *Certificates {
+ }
+ 
+ func sendRequest(reqBody []byte, newCerts bool) (respBody []byte) {
+-	client := &http.Client{}
+ 	r := bytes.NewReader(reqBody)
+ 	url := "https://identity.apple.com/pushcert/caservice/renew"
+ 	if newCerts {
+@@ -67,12 +71,51 @@ func sendRequest(reqBody []byte, newCerts bool) (respBody []byte) {
+ 	req.Header.Set("Accept", "*/*")
+ 	req.Header.Set("Accept-Language", "en-us")
+ 
+-	resp, err := client.Do(req)
++	req.Close = true
++
++	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
++	defer cancel()
++
++	conn, err := new(tls.Dialer).DialContext(
++		ctx,
++		"tcp",
++		req.URL.Host+":443",
++	)
+ 	if err != nil {
+-		log.Fatalln(err)
++		log.Fatalln(err) // TODO: Handle error properly
++	}
++	defer func() {
++		_ = conn.Close() //nolint:errcheck,gosec // Ignored on purpose
++	}()
++
++	if err := req.Write(conn); err != nil {
++		log.Fatalln(err) // TODO: Handle error properly
++	}
++
++	buf, err := io.ReadAll(io.LimitReader(conn, 1<<10))
++	if err != nil {
++		log.Fatalln(err) // TODO: Handle error properly
++	}
++
++	const (
++		cr = "\r"
++		nl = "\n"
++	)
++	for _, ign := range []string{
++		"1;: mode=block",
++		"max-age=31536000;: includeSubdomains",
++	} {
++		buf = bytes.Replace(buf, []byte(nl+ign+cr+nl), []byte(nl), 1)
++	}
++
++	resp, err := http.ReadResponse(bufio.NewReader(bytes.NewReader(buf)), req)
++	if err != nil {
++		log.Fatalln(err) // TODO: Handle error properly
+ 	}
++	defer func() {
++		_ = resp.Body.Close() //nolint:errcheck,gosec // Ignored on purpose
++	}()
+ 
+-	defer resp.Body.Close()
+ 	respBody, err = ioutil.ReadAll(resp.Body)
+ 	if err != nil {
+ 		log.Fatalln(err)
+-- 
+2.34.1
+