diff --git a/.cirrus.yml b/.cirrus.yml
index 4989481..febb758 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -22,6 +22,7 @@ env:
     AARDVARK_DNS_URL: "https://api.cirrus-ci.com/v1/artifact/github/containers/aardvark-dns/success/binary.zip?branch=${AARDVARK_DNS_BRANCH}"
     FEDORA_NETAVARK_AARCH64_AMI: "fedora-netavark-aws-arm64-${IMAGE_SUFFIX}"
     EC2_INST_TYPE: "t4g.xlarge"
+    NETAVARK_UPSTREAM: "1"
 
 
 gcp_credentials: ENCRYPTED[d6efdb7d6d4c61e3831df2193ca6348bb02f26cd931695f69d41930b1965f7dab72a838ca0902f6ed8cde66c7deddae2]
@@ -257,10 +258,8 @@ success_task:
     API_URL_BASE: "https://api.cirrus-ci.com/v1/artifact/build/${CIRRUS_BUILD_ID}"
     EXP_BINS: >-
         netavark
-        netavark.debug
         netavark.info
         netavark.aarch64-unknown-linux-gnu
-        netavark.debug.aarch64-unknown-linux-gnu
         netavark.info.aarch64-unknown-linux-gnu
   clone_script: *noop
   bin_cache: *ro_bin_cache
diff --git a/Cargo.lock b/Cargo.lock
index 969a288..25234b6 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1433,7 +1433,7 @@ checksum = "defc4c55412d89136f966bbb339008b474350e5e6e78d2714439c386b3137a03"
 
 [[package]]
 name = "netavark"
-version = "1.14.0"
+version = "1.14.1"
 dependencies = [
  "anyhow",
  "chrono",
diff --git a/Cargo.toml b/Cargo.toml
index 816b5cd..375c842 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "netavark"
-version = "1.14.0"
+version = "1.14.1"
 edition = "2021"
 authors = ["github.com/containers"]
 license = "Apache-2.0"
diff --git a/Makefile b/Makefile
index 4b0a18a..210eb4c 100644
--- a/Makefile
+++ b/Makefile
@@ -29,6 +29,8 @@ CARGO ?= cargo
 CARGO_TARGET_DIR ?= targets
 export CARGO_TARGET_DIR  # 'cargo' is sensitive to this env. var. value.
 
+SOURCES = src/** Cargo.toml Cargo.lock
+
 ifdef debug
 $(info debug is $(debug))
   # These affect both $(CARGO_TARGET_DIR) layout and contents
@@ -41,7 +43,7 @@ else
 endif
 
 .PHONY: all
-all: build
+all: build docs
 
 bin:
 	mkdir -p $@
@@ -50,12 +52,13 @@ $(CARGO_TARGET_DIR):
 	mkdir -p $@
 
 .PHONY: build
-build: build_netavark build_proxy_client
+build: bin/netavark
 
-.PHONY: build_netavark
-build_netavark: bin $(CARGO_TARGET_DIR)
+bin/netavark: $(SOURCES) bin $(CARGO_TARGET_DIR)
 	$(CARGO) build $(release)
-	cp $(CARGO_TARGET_DIR)/$(profile)/netavark bin/netavark$(if $(debug),.debug,)
+	cp $(CARGO_TARGET_DIR)/$(profile)/netavark bin/netavark
+	cp $(CARGO_TARGET_DIR)/$(profile)/netavark-dhcp-proxy-client bin/netavark-dhcp-proxy-client
+
 
 .PHONY: examples
 examples: bin $(CARGO_TARGET_DIR)
@@ -104,10 +107,12 @@ install: $(NV_UNIT_FILES)
 
 .PHONY: uninstall
 uninstall:
+	$(MAKE) -C docs uninstall
 	rm -f $(DESTDIR)$(LIBEXECPODMAN)/netavark
 	rm -f $(PREFIX)/share/man/man1/netavark*.1
 	rm -f ${DESTDIR}${SYSTEMDDIR}/netavark-dhcp-proxy.service
 	rm -f ${DESTDIR}${SYSTEMDDIR}/netavark-dhcp-proxy.socket
+	rm -f ${DESTDIR}${SYSTEMDDIR}/netavark-firewalld-reload.service
 
 .PHONY: test
 test: unit integration
@@ -152,8 +157,3 @@ mock-rpm:
 .PHONY: help
 help:
 	@echo "usage: make $(prog) [debug=1]"
-
-.PHONY: build_proxy_client
-build_proxy_client: bin $(CARGO_TARGET_DIR)
-	$(CARGO) build --bin netavark-dhcp-proxy-client $(release)
-	cp $(CARGO_TARGET_DIR)/$(profile)/netavark-dhcp-proxy-client bin/netavark-dhcp-proxy-client$(if $(debug),.debug,)
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index c695316..dc8c177 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -1,5 +1,11 @@
 # Release Notes
 
+## v1.14.1
+
+* Fixed an issue where the Makefile did not install the `netavark-firewalld(7)` man page. ([#1179](https://github.com/containers/netavark/issues/1179))
+* Fixed the detection of Firewalld's StrictForwardPorts property.
+* Upstream tests no longer check for the commit sha in the version output by default so downstream tests on packaged versions without the commit info can pass.
+
 ## v1.14.0
 
 * bridge: Add support for a new option called `mode`. When set to `unmanaged` only the veth pair and ip addresses are setup. The bridge must exist and no firewall or sysctl setting will be configured in this mode. ([#1090](https://github.com/containers/netavark/issues/1090))
diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh
index 6ecdb6e..2202ea4 100755
--- a/contrib/cirrus/runner.sh
+++ b/contrib/cirrus/runner.sh
@@ -19,9 +19,9 @@ _run_noarg() {
 _run_build() {
     # Assume we're on a fast VM, compile everything needed by the
     # rest of CI since subsequent tasks may have limited resources.
-    make all debug=1
     make build_unit  # reuses some debug binaries
     make all  # optimized/non-debug binaries
+    make examples # build the examples binaries needed by the integration tests
     # This will get scooped up and become part of the artifact archive.
     # Identify where the binary came from to benefit downstream consumers.
     cat | tee bin/netavark.info << EOF
diff --git a/docs/Makefile b/docs/Makefile
index 72449fb..9d24f30 100644
--- a/docs/Makefile
+++ b/docs/Makefile
@@ -17,12 +17,17 @@ docs: $(patsubst %.md,%,$(wildcard *.[0-9].md))
 	$(GO) install github.com/cpuguy83/go-md2man/v2@latest
 
 .PHONY: install
-install:
+install: docs
 	install -d ${DESTDIR}/${MANDIR}/man1
 	install -m 0644 *.1 ${DESTDIR}/${MANDIR}/man1
 	install -d ${DESTDIR}/${MANDIR}/man7
 	install -m 0644 *.7 ${DESTDIR}/${MANDIR}/man7
 
+.PHONY: uninstall
+uninstall:
+	rm -f ${DESTDIR}/${MANDIR}/man1/*.1
+	rm -f ${DESTDIR}/${MANDIR}/man7/*.7
+
 .PHONY: clean
 clean:
-	$(RM) *.1
+	$(RM) *.1 *.7
diff --git a/src/firewall/firewalld.rs b/src/firewall/firewalld.rs
index bfcbb43..de51fff 100644
--- a/src/firewall/firewalld.rs
+++ b/src/firewall/firewalld.rs
@@ -1062,7 +1062,35 @@ pub fn is_firewalld_strict_forward_enabled(dbus_con: &Option<Connection>) -> boo
         "Get",
         &("org.fedoraproject.FirewallD1.config", "StrictForwardPorts"),
     ) {
-        Ok(b) => b.body().deserialize().unwrap_or(false),
+        Ok(b) => {
+            let variant_str: String = match b.body().deserialize::<Value>() {
+                Ok(v) => match v.downcast::<String>() {
+                    Ok(s) => s,
+                    Err(e) => {
+                        warn!(
+                            "couldn't downcast StrictForwardPorts value to string: {}",
+                            e
+                        );
+                        return false;
+                    }
+                },
+                Err(e) => {
+                    warn!("couldn't retrieve StrictForwardPorts property: {}", e);
+                    return false;
+                }
+            };
+            match variant_str.to_lowercase().as_str() {
+                "yes" => true,
+                "no" => false,
+                other => {
+                    warn!(
+                        "unexpected value from StrictForwardPorts property: {}",
+                        other
+                    );
+                    false
+                }
+            }
+        }
         Err(_) => {
             // Assume any error is related to the property not existing
             // (As it will not on older firewalld versions)
diff --git a/test/001-basic.bats b/test/001-basic.bats
index bc30a17..f74220d 100644
--- a/test/001-basic.bats
+++ b/test/001-basic.bats
@@ -12,7 +12,9 @@ load helpers
     run_netavark version
     json="$output"
     assert_json "$json" ".version" =~ "^1\.[0-9]+\.[0-9]+(-rc[0-9]|-dev)?" "correct version"
-    assert_json "$json" ".commit" =~ "[0-9a-f]{40}" "shows commit sha"
+    if [ -n "$NETAVARK_UPSTREAM" ]; then
+        assert_json "$json" ".commit" =~ "[0-9a-f]{40}" "shows commit sha"
+    fi
     assert_json "$json" ".build_time" =~ "20.*" "show build date"
     assert_json "$json" ".target" =~ ".*" "contains target string"
 }