diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2205ed9b..832e25d2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,10 @@ All notable changes to this project will be documented in this file. The format
 
 > **Note**: Changes and additions listed here are contained in the `:edge` image tag. These changes may not be as stable as released changes.
 
+### Security
+
+- **Fail2ban**:
+  - Ensure a secure connection, when downloading the fail2ban package ([#4080](https://github.com/docker-mailserver/docker-mailserver/pull/4080))
 ### Added
 
 - **Internal:**
diff --git a/target/scripts/build/packages.sh b/target/scripts/build/packages.sh
index 004c3b8c..4469f508 100644
--- a/target/scripts/build/packages.sh
+++ b/target/scripts/build/packages.sh
@@ -189,8 +189,8 @@ function _install_fail2ban() {
 
   gpg --keyserver "${FAIL2BAN_GPG_PUBLIC_KEY_SERVER}" --recv-keys "${FAIL2BAN_GPG_PUBLIC_KEY_ID}" 2>&1
 
-  curl -Lkso fail2ban.deb "${FAIL2BAN_DEB_URL}"
-  curl -Lkso fail2ban.deb.asc "${FAIL2BAN_DEB_ASC_URL}"
+  curl -fsSLo fail2ban.deb "${FAIL2BAN_DEB_URL}"
+  curl -fsSLo fail2ban.deb.asc "${FAIL2BAN_DEB_ASC_URL}"
 
   FINGERPRINT=$(LANG=C gpg --verify fail2ban.deb.asc fail2ban.deb |& sed -n 's#Primary key fingerprint: \(.*\)#\1#p')