diff --git a/Makefile b/Makefile
index 413d33e..aa90086 100644
--- a/Makefile
+++ b/Makefile
@@ -1,6 +1,6 @@
 HOME=$(shell pwd)
 MAINVERSION=1.8
-VERSION=1.8.4
+VERSION=1.8.8
 RELEASE=1
 
 all: build
diff --git a/SOURCES/haproxy.service b/SOURCES/haproxy.service
index 0b9dbe6..e43f5ff 100644
--- a/SOURCES/haproxy.service
+++ b/SOURCES/haproxy.service
@@ -6,13 +6,31 @@ After=syslog.target network.target
 [Service]
 EnvironmentFile=-/etc/sysconfig/haproxy
 Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/var/run/haproxy.pid"
-ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q $OPTIONS
-ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $OPTIONS
-ExecReload=/usr/sbin/haproxy -f $CONFIG -c -q $OPTIONS
+ExecStartPre=/usr/sbin/haproxy -f $CONFIG -c -q
+ExecStart=/usr/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE
+ExecReload=/usr/sbin/haproxy -f $CONFIG -c -q
 ExecReload=/bin/kill -USR2 $MAINPID
 KillMode=mixed
 Restart=always
 Type=notify
 
+# The following lines leverage SystemD's sandboxing options to provide
+# defense in depth protection at the expense of restricting some flexibility
+# in your setup (e.g. placement of your configuration files) or possibly
+# reduced performance. See systemd.service(5) and systemd.exec(5) for further
+# information.
+
+# NoNewPrivileges=true
+# ProtectHome=true
+# If you want to use 'ProtectSystem=strict' you should whitelist the PIDFILE,
+# any state files and any other files written using 'ReadWritePaths' or
+# 'RuntimeDirectory'.
+# ProtectSystem=true
+# ProtectKernelTunables=true
+# ProtectKernelModules=true
+# ProtectControlGroups=true
+# If your SystemD version supports them, you can add: @reboot, @swap, @sync
+# SystemCallFilter=~@cpu-emulation @keyring @module @obsolete @raw-io
+
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target
\ No newline at end of file