diff --git a/src/routes/branding.js b/src/routes/branding.js
index 4e96568e6..ebb017556 100644
--- a/src/routes/branding.js
+++ b/src/routes/branding.js
@@ -106,27 +106,27 @@ async function getCloudronAvatar(req, res, next) {
     res.status(200).send(avatar);
 }
 
-function get(req, res, next) {
+async function get(req, res, next) {
     assert.strictEqual(typeof req.params.setting, 'string');
 
     switch (req.params.setting) {
-    case settings.APPSTORE_LISTING_CONFIG_KEY: return getAppstoreListingConfig(req, res, next);
-    case settings.CLOUDRON_AVATAR_KEY: return getCloudronAvatar(req, res, next);
-    case settings.CLOUDRON_NAME_KEY: return getCloudronName(req, res, next);
-    case settings.FOOTER_KEY: return getFooter(req, res, next);
+    case settings.APPSTORE_LISTING_CONFIG_KEY: return await getAppstoreListingConfig(req, res, next);
+    case settings.CLOUDRON_AVATAR_KEY: return await getCloudronAvatar(req, res, next);
+    case settings.CLOUDRON_NAME_KEY: return await getCloudronName(req, res, next);
+    case settings.FOOTER_KEY: return await getFooter(req, res, next);
 
     default: return next(new HttpError(404, 'No such setting'));
     }
 }
 
-function set(req, res, next) {
+async function set(req, res, next) {
     assert.strictEqual(typeof req.body, 'object');
 
     switch (req.params.setting) {
-    case settings.APPSTORE_LISTING_CONFIG_KEY: return setAppstoreListingConfig(req, res, next);
-    case settings.CLOUDRON_AVATAR_KEY: return setCloudronAvatar(req, res, next);
-    case settings.CLOUDRON_NAME_KEY: return setCloudronName(req, res, next);
-    case settings.FOOTER_KEY: return setFooter(req, res, next);
+    case settings.APPSTORE_LISTING_CONFIG_KEY: return await setAppstoreListingConfig(req, res, next);
+    case settings.CLOUDRON_AVATAR_KEY: return await setCloudronAvatar(req, res, next);
+    case settings.CLOUDRON_NAME_KEY: return await setCloudronName(req, res, next);
+    case settings.FOOTER_KEY: return await setFooter(req, res, next);
 
     default: return next(new HttpError(404, 'No such branding'));
     }
diff --git a/src/routes/cloudron.js b/src/routes/cloudron.js
index e33005198..aa950b254 100644
--- a/src/routes/cloudron.js
+++ b/src/routes/cloudron.js
@@ -177,17 +177,16 @@ async function getMemory(req, res, next) {
     next(new HttpSuccess(200, result));
 }
 
-function update(req, res, next) {
+async function update(req, res, next) {
     if ('skipBackup' in req.body && typeof req.body.skipBackup !== 'boolean') return next(new HttpError(400, 'skipBackup must be a boolean'));
 
     // this only initiates the update, progress can be checked via the progress route
-    updater.updateToLatest(req.body, auditSource.fromRequest(req), function (error, taskId) {
-        if (error && error.reason === BoxError.NOT_FOUND) return next(new HttpError(422, error.message));
-        if (error && error.reason === BoxError.BAD_STATE) return next(new HttpError(409, error.message));
-        if (error) return next(new HttpError(500, error));
+    const [error, taskId] = await safe(updater.updateToLatest(req.body, auditSource.fromRequest(req)));
+    if (error && error.reason === BoxError.NOT_FOUND) return next(new HttpError(422, error.message));
+    if (error && error.reason === BoxError.BAD_STATE) return next(new HttpError(409, error.message));
+    if (error) return next(new HttpError(500, error));
 
-        next(new HttpSuccess(202, { taskId }));
-    });
+    next(new HttpSuccess(202, { taskId }));
 }
 
 function getUpdateInfo(req, res, next) {